{"id": "SECURITYVULNS:DOC:23113", "bulletinFamily": "software", "title": "[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy\r\n\r\nSeverity: Low\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nTomcat 5.5.0 to 5.5.28\r\nTomcat 6.0.0 to 6.0.20\r\nThe unsupported Tomcat 3.x, 4.x and 5.0.x versions may be also\r\naffected.\r\n\r\nDescription:\r\nBy default, Tomcat automatically deploys any directories placed in a\r\nhost's appBase. This behaviour is controlled by the autoDeploy attribute\r\nof a host which defaults to true. After a failed undeploy, the remaining\r\nfiles will be deployed as a result of the autodeployment process.\r\nDepending on circumstances, files normally protected by one or more\r\nsecurity constraints may be deployed without those security constraints,\r\nmaking them accessible without authentication.\r\n\r\nMitigation:\r\n6.0.x users should upgrade to 6.0.24 or apply this patch:\r\nhttp://svn.apache.org/viewvc?rev=892815&view=rev\r\n5.5.x users should upgrade to 5.5.29 when released or apply this patch:\r\nhttp://svn.apache.org/viewvc?rev=902650&view=rev\r\nNote: the patches also address CVE-2009-2693 and CVE-2009-2902.\r\nAlternatively, users of all Tomcat versions may mitigate this issue by\r\nmanually ensuring that an undeploy removes all files. If one or more\r\nfiles cannot be deleted, it may be necessary to stop Tomcat before the\r\nfiles can be deleted.\r\n\r\nCredit:\r\nThis issue was discovered by the Apache Tomcat security team\r\n\r\nReferences:\r\n[1] http://tomcat.apache.org/security.html\r\n\r\nMark Thomas\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (Darwin)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJLXMGYAAoJEBDAHFovYFnnwXgP/RAhAkPwPP9R3S5xM/mtZj+l\r\ncQacLI/8FdPOluVUIYNuPP2ti3v2STJyhUMOYVMQIpf7Why4fFiLaIOLZWDS04Gb\r\nUfTQfcFIQlh69h3xQBgkEeSHNegxGLRvl8sLrhLTmaLug4qn8JW81sZnO+9PejmD\r\nCgZKCq2ALqIvNmEU7nZTz/5xzll88O+b8P5UQqDGM9r1Z8fO8oCUood1n2hVdZAb\r\nPoLn7CKqMtb2psGvYWqYDNeB5mRVhHnqUdtQzQy3Sy6C8YBxkmm9HWOZjoAvjMaa\r\nX4N5THNyhXwdfNo9r6CClEiaQM6AK+jRl8SyeNiGNgNHT3Knhn9ANVUcRomRXgJm\r\ndsKKz0wBN/zVp7ux5FLlK9O/a7VNniYMFRwg71Na9KQY6/oRlxpOU9zgWqI9Co9V\r\nLD8g0EWliabOCv3nREDYqwrJq75ffS5TwK8mqWNlW/0gszDex34kVqnS06hMY1HT\r\nOK5Ip1cYhUZLlcfwkmN6tBxBozCteO/Nrfh6HEahc0MXVJXbZxDXLvWtDNSrBMSY\r\nHqt9suXYom1rCxtFdBDtgXctAnB4UrADRxC4w/e7kZ+v3MRMtzl1UG/6cJDQtQ9f\r\nIwt51lECjIW6LqEpSIMTs/v5h9ueSPhY/n7GWNloSqCUgA0XL5sw5lYkGsMmS4Sh\r\ndkab23FgmsfqGqZYUGzv\r\n=vcr6\r\n-----END PGP SIGNATURE-----", "published": "2010-01-26T00:00:00", "modified": "2010-01-26T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23113", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:33", "edition": 1, "viewCount": 28, "enchantments": {"score": {"value": 5.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2010:0580"]}, {"type": "cve", "idList": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2207-1:6DF41"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2010-0119/"]}, {"type": "nessus", "idList": ["5327.PASL", "5489.PRM", "800619.PRM", "CENTOS_RHSA-2010-0580.NASL", "DEBIAN_DSA-2207.NASL", "GENTOO_GLSA-201206-24.NASL", "MACOSX_10_6_3.NASL", "MACOSX_SECUPD2010-002.NASL", "MANDRIVA_MDVSA-2010-176.NASL", "MANDRIVA_MDVSA-2010-177.NASL", "OPENSUSE-2012-883.NASL", "OPENSUSE-2012-884.NASL", "ORACLELINUX_ELSA-2010-0580.NASL", "REDHAT-RHSA-2010-0580.NASL", "SL_20100802_TOMCAT5_ON_SL5_X.NASL", "SUSE9_12585.NASL", "SUSE_11_0_TOMCAT6-100216.NASL", "SUSE_11_1_TOMCAT6-100211.NASL", "SUSE_11_2_TOMCAT6-100210.NASL", "SUSE_TOMCAT5-6839.NASL", "SUSE_TOMCAT5-6841.NASL", "SUSE_TOMCAT5-7003.NASL", "TOMCAT_WAR_DEPLOY_MULTIPLE_VULNERABILITIES.NASL", "UBUNTU_USN-899-1.NASL", "VMWARE_VMSA-2011-0003.NASL", "VMWARE_VMSA-2011-0003_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102039", "OPENVAS:103454", "OPENVAS:1361412562310100474", "OPENVAS:1361412562310102039", "OPENVAS:1361412562310103454", "OPENVAS:1361412562310122335", "OPENVAS:136141256231069417", "OPENVAS:136141256231071550", "OPENVAS:1361412562310831148", "OPENVAS:1361412562310831151", "OPENVAS:1361412562310835237", "OPENVAS:1361412562310840386", "OPENVAS:1361412562310870302", "OPENVAS:1361412562310880632", "OPENVAS:69417", "OPENVAS:71550", "OPENVAS:831148", "OPENVAS:831151", "OPENVAS:835237", "OPENVAS:840386", "OPENVAS:870302", "OPENVAS:880632"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0580"]}, {"type": "redhat", "idList": ["RHSA-2010:0119", "RHSA-2010:0580", "RHSA-2010:0582"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23112", "SECURITYVULNS:DOC:23892", "SECURITYVULNS:VULN:10550", "SECURITYVULNS:VULN:10852"]}, {"type": "threatpost", "idList": ["THREATPOST:4F867C686B7E31697E158FBD04A5DD35"]}, {"type": "tomcat", "idList": ["TOMCAT:0B64F54283D152613DC4C77D34E010AF", "TOMCAT:C3A9DD4DC4BB2C17C62CA8202CF2A834"]}, {"type": "ubuntu", "idList": ["USN-899-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-2693", "UB:CVE-2009-2901", "UB:CVE-2009-2902"]}]}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2010:0580"]}, {"type": "cve", "idList": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2010-176.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103454", "OPENVAS:1361412562310880632", "OPENVAS:69417", "OPENVAS:870302"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0580"]}, {"type": "redhat", "idList": ["RHSA-2010:0580"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23892"]}, {"type": "tomcat", "idList": ["TOMCAT:C3A9DD4DC4BB2C17C62CA8202CF2A834"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-2901"]}]}, "exploitation": null, "vulnersScore": 5.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2021-10-18T13:59:10", "description": "This update of tomcat5/6 fixes :\n\n - Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. (CVE-2009-2693: CVSS v2 Base Score:\n 5.8). (CVE-2009-2902: CVSS v2 Base Score: 4.3)", "cvss3": {"score": null, "vector": null}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 6839)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-6839.NASL", "href": "https://www.tenable.com/plugins/nessus/49929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49929);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n\n script_name(english:\"SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 6839)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat5/6 fixes :\n\n - Directory traversal vulnerability allowed remote\n attackers to create or overwrite arbitrary files/dirs\n with a specially crafted WAR file. CVE-2009-2901: CVSS\n v2 Base Score: 4.3 When autoDeploy is enabled the\n autodeployment process deployed appBase files that\n remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements\n via HTTP requests. (CVE-2009-2693: CVSS v2 Base Score:\n 5.8). (CVE-2009-2902: CVSS v2 Base Score: 4.3)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2693.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2901.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2902.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6839.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-5.5.27-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-admin-webapps-5.5.27-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-webapps-5.5.27-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:03", "description": "According to its self-reported version number, the remote host is running a version of Apache Tomcat that is affected by multiple vulnerabilities:\n\n - When deploying WAR files, the WAR files are not checked for directory traversal attempts which could allow an attacker to create arbitrary content outside of the web root. (CVE-2009-2693)\n\n - By default, Tomcat automatically deploys any directories placed in a host's appBase. This could lead to files which are normally protected by one or more security constraints being deployed without those security constraints. (CVE-2009-2901)\n\n - When deploying WAR files, the WAR file names are not checked for directory traversal attempts which could allow an attacker to caused the deletion of the current contents of the host's work directory. (CVE-2009-2902).\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2009-01-25T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.29 / 6.0.x < 6.0.24 WAR Deployment Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2009-2901"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5327.PASL", "href": "https://www.tenable.com/plugins/nnm/5327", "sourceData": "Binary data 5327.pasl", "cvss": {"score": 5.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-18T14:04:05", "description": "This update of tomcat5/6 fixes:\n\n\n\n CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902: CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file.\n CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.", "cvss3": {"score": null, "vector": null}, "published": "2010-04-09T00:00:00", "type": "nessus", "title": "SuSE Security Update: Security update for Tomcat 5 (tomcat5-6841)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:10", "p-cpe:/a:novell:suse_linux:tomcat5", "p-cpe:/a:novell:suse_linux:tomcat5-admin-webapps", "p-cpe:/a:novell:suse_linux:tomcat5-webapps"], "id": "SUSE_TOMCAT5-6841.NASL", "href": "https://www.tenable.com/plugins/nessus/45472", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\nif(description)\n{\n script_id(45472);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n\n script_name(english: \"SuSE Security Update: Security update for Tomcat 5 (tomcat5-6841)\");\n\n script_set_attribute(attribute: \"synopsis\", value:\n\"The remote SuSE system is missing the security patch tomcat5-6841\");\n script_set_attribute(attribute: \"description\", value: \"\nThis update of tomcat5/6 fixes:\n\n\n\n CVE-2009-2693: CVSS v2 Base Score: 5.8\n CVE-2009-2902: CVSS v2 Base Score: 4.3\n Directory traversal vulnerability allowed remote attackers\n to create or overwrite arbitrary files/dirs with a specially crafted\n WAR file.\n CVE-2009-2901: CVSS v2 Base Score: 4.3\n When autoDeploy is enabled the autodeployment process deployed\n appBase files that remain from a failed undeploy, which might allow\n remote attackers to bypass intended authentication requirements\n via HTTP requests.\n\n\n\");\n script_set_attribute(attribute: \"solution\", value: \"Install the security patch tomcat5-6841\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-2693\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2010/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tomcat5-webapps\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english: \"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif ( ! get_kb_item(\"Host/SuSE/rpm-list\") ) exit(1, \"Could not gather the list of packages\");\n\nif ( rpm_check( reference:\"tomcat5-5.0.30-27.42\", release:\"SLES10\") )\n{\n\tsecurity_warning(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"tomcat5-admin-webapps-5.0.30-27.42\", release:\"SLES10\") )\n{\n\tsecurity_warning(port:0, extra:rpm_report_get());\n\texit(0);\n}\nif ( rpm_check( reference:\"tomcat5-webapps-5.0.30-27.42\", release:\"SLES10\") )\n{\n\tsecurity_warning(port:0, extra:rpm_report_get());\n\texit(0);\n}\n# END OF TEST\nexit(0,\"Host is not affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-04-12T15:08:24", "description": "According to its self-reported version number, the remote host is running a version of Apache Tomcat that is affected by multiple vulnerabilities :\n\n - When deploying WAR files, the WAR files are not checked for directory traversal attempts which could allow an attacker to create arbitrary content outside of the web root. (CVE-2009-2693)\n\n - By default, Tomcat automatically deploys any directories placed in a host's appBase. This could lead to files which are normally protected by one or more security constraints being deployed without those security constraints. (CVE-2009-2901)\n\n - When deploying WAR files, the WAR file names are not checked for directory traversal attempts which could allow an attacker to caused the deletion of the current contents of the host's work directory. (CVE-2009-2902).\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}, "published": "2010-01-26T00:00:00", "type": "nessus", "title": "Apache Tomcat WAR Deployment Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_WAR_DEPLOY_MULTIPLE_VULNERABILITIES.NASL", "href": "https://www.tenable.com/plugins/nessus/44314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44314);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n script_bugtraq_id(37942, 37944, 37945);\n script_xref(name:\"SECUNIA\", value:\"38316\");\n script_xref(name:\"SECUNIA\", value:\"38346\");\n\n script_name(english:\"Apache Tomcat WAR Deployment Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The web server running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote host is\nrunning a version of Apache Tomcat that is affected by multiple\nvulnerabilities :\n\n - When deploying WAR files, the WAR files are not checked\n for directory traversal attempts which could allow an\n attacker to create arbitrary content outside of the web\n root. (CVE-2009-2693)\n\n - By default, Tomcat automatically deploys any directories\n placed in a host's appBase. This could lead to files\n which are normally protected by one or more security\n constraints being deployed without those security\n constraints. (CVE-2009-2901)\n\n - When deploying WAR files, the WAR file names are not\n checked for directory traversal attempts which could\n allow an attacker to caused the deletion of the current\n contents of the host's work directory. (CVE-2009-2902).\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-5.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/509148/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/509150/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/509151/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tomcat version 6.0.24 / 5.5.29 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-2693\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:make_list(\"6.0.24\", \"5.5.29\"), severity:SECURITY_WARNING, granularity_regex:\"^(6(\\.0)?|5(\\.5)?)$\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-18T14:03:48", "description": "This update of Apache Tomcat 5 fixes the following security issues :\n\nA directory traversal vulnerability allows remote attackers to create or overwrite arbitrary files and directories with a specially crafted WAR file (CVE-2009-2693 / CVE-2009-2902). When autoDeploy is enabled, the automatic deployment process deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.\n(CVE-2009-2901)\n\nNote that this is a re-release of the security update to correct a regression. The previous patch caused tomcat to delete files it spuriously associated with a failed undeploy.", "cvss3": {"score": null, "vector": null}, "published": "2010-04-28T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-7003.NASL", "href": "https://www.tenable.com/plugins/nessus/46170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46170);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n\n script_name(english:\"SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7003)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Apache Tomcat 5 fixes the following security issues :\n\nA directory traversal vulnerability allows remote attackers to create\nor overwrite arbitrary files and directories with a specially crafted\nWAR file (CVE-2009-2693 / CVE-2009-2902). When autoDeploy is enabled,\nthe automatic deployment process deploys appBase files that remain\nfrom a failed undeploy, which might allow remote attackers to bypass\nintended authentication requirements via HTTP requests.\n(CVE-2009-2901)\n\nNote that this is a re-release of the security update to correct a\nregression. The previous patch caused tomcat to delete files it\nspuriously associated with a failed undeploy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2693.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2901.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2902.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7003.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"tomcat5-5.0.30-27.45\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"tomcat5-admin-webapps-5.0.30-27.45\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"tomcat5-webapps-5.0.30-27.45\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-18T14:05:09", "description": "It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-02-12T00:00:00", "type": "nessus", "title": "Ubuntu 8.10 / 9.04 / 9.10 : tomcat6 vulnerabilities (USN-899-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc", "p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-common", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-user", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-899-1.NASL", "href": "https://www.tenable.com/plugins/nessus/44594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-899-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44594);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n script_bugtraq_id(37942, 37944, 37945);\n script_xref(name:\"USN\", value:\"899-1\");\n\n script_name(english:\"Ubuntu 8.10 / 9.04 / 9.10 : tomcat6 vulnerabilities (USN-899-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat did not correctly validate WAR filenames\nor paths when deploying. A remote attacker could send a specially\ncrafted WAR file to be deployed and cause arbitrary files and\ndirectories to be created, overwritten, or deleted.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/899-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.18-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.18-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"tomcat6\", pkgver:\"6.0.18-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.18-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"tomcat6-common\", pkgver:\"6.0.18-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.18-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.18-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"tomcat6-user\", pkgver:\"6.0.18-0ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-common\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-user\", pkgver:\"6.0.18-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-common\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-user\", pkgver:\"6.0.20-2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libservlet2.5-java / libservlet2.5-java-doc / libtomcat6-java / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:03", "description": "The version of Apache Tomcat installed on the remote host is earlier than 5.5.29, or 6.0.24. Such versions are potentially affected by multiple vulnerabilities : \n\n - When deploying WAR files, the WAR files are not checked for directory traversal attempts. This allows an attacker to create arbitrary content outside of the web root by including entries such as '../../bin/catalina.sh' in the WAR. (CVE-2009-2693)\n\n - By default, Tomcat automatically deploys any directories placed in a host's appBase. Depending on circumstances, files normally protected by one or more security constraints may be deployed without those security constraints, making them accessible without authentication. (CVE-2009-2901)\n\n - When deploying WAR files, the WAR file names are not checked for directory traversal attempts, which could lead to the deletion of arbitrary files in the host's work directory. (CVE-2009-2902)\n\n", "cvss3": {"score": null, "vector": null}, "published": "2009-01-25T00:00:00", "type": "nessus", "title": "Apache Tomcat < 5.5.29 / 6.0.24", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2009-2901"], "modified": "2009-01-25T00:00:00", "cpe": [], "id": "800619.PRM", "href": "https://www.tenable.com/plugins/lce/800619", "sourceData": "Binary data 800619.prm", "cvss": {"score": 6.4, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-10-18T14:03:31", "description": "This update of tomcat5/6 fixes :\n\n - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:\n CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file.\n\n - CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.\n\n - CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the RequestDispatcher method, i was possible for remote attackers to bypass intended access restrictions and conduct directory traversal attacks.", "cvss3": {"score": null, "vector": null}, "published": "2010-04-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (tomcat6-2000)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5515", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_TOMCAT6-100216.NASL", "href": "https://www.tenable.com/plugins/nessus/45456", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2000.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45456);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (tomcat6-2000)\");\n script_summary(english:\"Check for the tomcat6-2000 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat5/6 fixes :\n\n - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:\n CVSS v2 Base Score: 4.3 Directory traversal\n vulnerability allowed remote attackers to create or\n overwrite arbitrary files/dirs with a specially crafted\n WAR file.\n\n - CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy\n is enabled the autodeployment process deployed appBase\n files that remain from a failed undeploy, which might\n allow remote attackers to bypass intended authentication\n requirements via HTTP requests.\n\n - CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the\n RequestDispatcher method, i was possible for remote\n attackers to bypass intended access restrictions and\n conduct directory traversal attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=575083\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tomcat6-6.0.16-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tomcat6-admin-webapps-6.0.16-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tomcat6-docs-webapp-6.0.16-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tomcat6-javadoc-6.0.16-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tomcat6-jsp-2_1-api-6.0.16-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tomcat6-lib-6.0.16-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tomcat6-servlet-2_5-api-6.0.16-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"tomcat6-webapps-6.0.16-6.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-18T14:04:05", "description": "This update of tomcat5/6 fixes :\n\n - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:\n CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file.\n\n - CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.\n\n - CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the RequestDispatcher method, i was possible for remote attackers to bypass intended access restrictions and conduct directory traversal attacks.", "cvss3": {"score": null, "vector": null}, "published": "2010-04-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (tomcat6-2000)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5515", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_TOMCAT6-100211.NASL", "href": "https://www.tenable.com/plugins/nessus/45462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2000.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45462);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (tomcat6-2000)\");\n script_summary(english:\"Check for the tomcat6-2000 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat5/6 fixes :\n\n - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:\n CVSS v2 Base Score: 4.3 Directory traversal\n vulnerability allowed remote attackers to create or\n overwrite arbitrary files/dirs with a specially crafted\n WAR file.\n\n - CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy\n is enabled the autodeployment process deployed appBase\n files that remain from a failed undeploy, which might\n allow remote attackers to bypass intended authentication\n requirements via HTTP requests.\n\n - CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the\n RequestDispatcher method, i was possible for remote\n attackers to bypass intended access restrictions and\n conduct directory traversal attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=575083\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-6.0.18-16.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-admin-webapps-6.0.18-16.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-docs-webapp-6.0.18-16.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-javadoc-6.0.18-16.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-jsp-2_1-api-6.0.18-16.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-lib-6.0.18-16.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-servlet-2_5-api-6.0.18-16.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-webapps-6.0.18-16.3.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-18T14:03:56", "description": "This update of tomcat5/6 fixes :\n\n - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:\n CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file.\n\n - CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.\n\n - CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the RequestDispatcher method, i was possible for remote attackers to bypass intended access restrictions and conduct directory traversal attacks.", "cvss3": {"score": null, "vector": null}, "published": "2010-04-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (tomcat6-2000)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5515", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_TOMCAT6-100210.NASL", "href": "https://www.tenable.com/plugins/nessus/45468", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2000.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45468);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (tomcat6-2000)\");\n script_summary(english:\"Check for the tomcat6-2000 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat5/6 fixes :\n\n - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:\n CVSS v2 Base Score: 4.3 Directory traversal\n vulnerability allowed remote attackers to create or\n overwrite arbitrary files/dirs with a specially crafted\n WAR file.\n\n - CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy\n is enabled the autodeployment process deployed appBase\n files that remain from a failed undeploy, which might\n allow remote attackers to bypass intended authentication\n requirements via HTTP requests.\n\n - CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the\n RequestDispatcher method, i was possible for remote\n attackers to bypass intended access restrictions and\n conduct directory traversal attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=575083\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-6.0.20-24.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-admin-webapps-6.0.20-24.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-docs-webapp-6.0.20-24.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-javadoc-6.0.20-24.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-jsp-2_1-api-6.0.20-24.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-lib-6.0.20-24.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-servlet-2_5-api-6.0.20-24.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-webapps-6.0.20-24.6.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-18T14:03:49", "description": "This update of tomcat5/6 fixes :\n\n - CVSS v2 Base Score: 5.8. (CVE-2009-2693)\n\n - CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. (CVE-2009-2902)\n\n - CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. (CVE-2009-2901)\n\n - CVSS v2 Base Score: 5.0 When using the RequestDispatcher method, i was possible for remote attackers to bypass intended access restrictions and conduct directory traversal attacks. (CVE-2008-5515)", "cvss3": {"score": null, "vector": null}, "published": "2010-04-09T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12585)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5515", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12585.NASL", "href": "https://www.tenable.com/plugins/nessus/45452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45452);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12585)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat5/6 fixes :\n\n - CVSS v2 Base Score: 5.8. (CVE-2009-2693)\n\n - CVSS v2 Base Score: 4.3 Directory traversal\n vulnerability allowed remote attackers to create or\n overwrite arbitrary files/dirs with a specially crafted\n WAR file. (CVE-2009-2902)\n\n - CVSS v2 Base Score: 4.3 When autoDeploy is enabled the\n autodeployment process deployed appBase files that\n remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements\n via HTTP requests. (CVE-2009-2901)\n\n - CVSS v2 Base Score: 5.0 When using the RequestDispatcher\n method, i was possible for remote attackers to bypass\n intended access restrictions and conduct directory\n traversal attacks. (CVE-2008-5515)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5515.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2693.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2901.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2902.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12585.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.25\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.25\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-18T13:59:58", "description": "Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-177.NASL", "href": "https://www.tenable.com/plugins/nessus/49207", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:177. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49207);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(37942, 37945, 39635, 41544);\n script_xref(name:\"MDVSA\", value:\"2010:177\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. (dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-webapps-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-webapps-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-common-lib-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-server-lib-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-webapps-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-admin-webapps-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-common-lib-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-eclipse-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-server-lib-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-webapps-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-18T14:01:42", "description": "Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat5 (RHSA-2010:0580)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/48231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0580. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48231);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"RHEL 5 : tomcat5 (RHSA-2010:0580)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0580\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0580\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-18T14:01:42", "description": "Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat5 (CESA-2010:0580)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/48218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0580 and \n# CentOS Errata and Security Advisory 2010:0580 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48218);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"CentOS 5 : tomcat5 (CESA-2010:0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016858.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?765d4416\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c24545c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-18T13:35:37", "description": "From Red Hat Security Advisory 2010:0580 :\n\nUpdated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat5 (ELSA-2010-0580)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/68076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0580 and \n# Oracle Linux Security Advisory ELSA-2010-0580 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68076);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"Oracle Linux 5 : tomcat5 (ELSA-2010-0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0580 :\n\nUpdated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001575.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-18T13:44:23", "description": "A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nTomcat must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100802_TOMCAT5_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60828);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=412\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76cc914b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-05-21T15:17:45", "description": "- fix bnc#793394 - bypass of security constraints (CVE-2012-3546)\n\n - apache-tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1381 035\n\n - fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)\n\n - apache-tomcat-CVE-2012-4431.patch http://svn.apache.org/viewvc?view=revision&revision=1394 456\n\n - document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679) in README.SUSE\n\n - fixes bnc#791423 - cnonce tracking weakness (CVE-2012-5885) bnc#791424 - authentication caching weakness (CVE-2012-5886) bnc#791426 - stale nonce weakness (CVE-2012-5887)\n\n - apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.\n patch http://svn.apache.org/viewvc?view=revision&revision=1380 829\n\n - fix bnc#789406 - HTTP NIO connector OOM DoS via a request with large headers (CVE-2012-2733)\n\n - http://svn.apache.org/viewvc?view=revision&revision=1356208", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2012:1700-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-5568", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libtcnative-1-0", "p-cpe:/a:novell:opensuse:libtcnative-1-0-debuginfo", "p-cpe:/a:novell:opensuse:libtcnative-1-0-debugsource", "p-cpe:/a:novell:opensuse:libtcnative-1-0-devel", "p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-884.NASL", "href": "https://www.tenable.com/plugins/nessus/74854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-884.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74854);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-5568\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2012:1700-1)\");\n script_summary(english:\"Check for the openSUSE-2012-884 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix bnc#793394 - bypass of security constraints\n (CVE-2012-3546)\n\n - apache-tomcat-CVE-2012-3546.patch\n http://svn.apache.org/viewvc?view=revision&revision=1381\n 035\n\n - fix bnc#793391 - bypass of CSRF prevention filter\n (CVE-2012-4431)\n\n - apache-tomcat-CVE-2012-4431.patch\n http://svn.apache.org/viewvc?view=revision&revision=1394\n 456\n\n - document how to protect against slowloris DoS\n (CVE-2012-5568/bnc#791679) in README.SUSE\n\n - fixes bnc#791423 - cnonce tracking weakness\n (CVE-2012-5885) bnc#791424 - authentication caching\n weakness (CVE-2012-5886) bnc#791426 - stale nonce\n weakness (CVE-2012-5887)\n\n -\n apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.\n patch\n http://svn.apache.org/viewvc?view=revision&revision=1380\n 829\n\n - fix bnc#789406 - HTTP NIO connector OOM DoS via a\n request with large headers (CVE-2012-2733)\n\n - http://svn.apache.org/viewvc?view=revision&revision=1356208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1356208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1380829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1381035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1394456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-12/msg00061.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtcnative-1-0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-1.3.3-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-debuginfo-1.3.3-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-debugsource-1.3.3-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libtcnative-1-0-devel-1.3.3-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-6.0.33-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-admin-webapps-6.0.33-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-docs-webapp-6.0.33-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-el-1_0-api-6.0.33-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-javadoc-6.0.33-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-jsp-2_1-api-6.0.33-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-lib-6.0.33-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-servlet-2_5-api-6.0.33-3.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"tomcat6-webapps-6.0.33-3.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtcnative-1-0 / libtcnative-1-0-debuginfo / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-21T15:10:18", "description": "- fix bnc#793394 - bypass of security constraints (CVE-2012-3546)\n\n - tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1377 892\n\n - fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)\n\n - tomcat-CVE-2012-4431.patch http://svn.apache.org/viewvc?view=revision&revision=1393 088\n\n - document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679) in README.SUSE\n\n - fixes bnc#791423 - cnonce tracking weakness (CVE-2012-5885) bnc#791424 - authentication caching weakness (CVE-2012-5886) bnc#791426 - stale nonce weakness (CVE-2012-5887)\n\n - tomcat-dont-parse-user-name-twice.patch http://svn.apache.org/viewvc?view=revision&revision=1366 723\n\n - tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch http://svn.apache.org/viewvc?view=revision&revision=1377 807\n\n - fix bnc#789406: HTTP NIO connector OOM DoS via a request with large headers (CVE-2012-2733)\n\n - http://svn.apache.org/viewvc?view=revision&revision=1350301\n\n - fix bnc#779538 - Tomcat7 default current workdir isn't /usr/share/tomcat", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-SU-2012:1701-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-5568", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-2_2-api", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_2-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2012-883.NASL", "href": "https://www.tenable.com/plugins/nessus/74853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-883.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74853);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-5568\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-SU-2012:1701-1)\");\n script_summary(english:\"Check for the openSUSE-2012-883 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fix bnc#793394 - bypass of security constraints\n (CVE-2012-3546)\n\n - tomcat-CVE-2012-3546.patch\n http://svn.apache.org/viewvc?view=revision&revision=1377\n 892\n\n - fix bnc#793391 - bypass of CSRF prevention filter\n (CVE-2012-4431)\n\n - tomcat-CVE-2012-4431.patch\n http://svn.apache.org/viewvc?view=revision&revision=1393\n 088\n\n - document how to protect against slowloris DoS\n (CVE-2012-5568/bnc#791679) in README.SUSE\n\n - fixes bnc#791423 - cnonce tracking weakness\n (CVE-2012-5885) bnc#791424 - authentication caching\n weakness (CVE-2012-5886) bnc#791426 - stale nonce\n weakness (CVE-2012-5887)\n\n - tomcat-dont-parse-user-name-twice.patch\n http://svn.apache.org/viewvc?view=revision&revision=1366\n 723\n\n - tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch\n http://svn.apache.org/viewvc?view=revision&revision=1377\n 807\n\n - fix bnc#789406: HTTP NIO connector OOM DoS via a request\n with large headers (CVE-2012-2733)\n\n - http://svn.apache.org/viewvc?view=revision&revision=1350301\n\n - fix bnc#779538 - Tomcat7 default current workdir isn't\n /usr/share/tomcat\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1350301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1366723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1377807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1377892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.apache.org/viewvc?view=revision&revision=1393088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=779538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-12/msg00062.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-2_2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-admin-webapps-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-docs-webapp-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-el-2_2-api-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-javadoc-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-jsp-2_2-api-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-jsvc-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-lib-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-servlet-3_0-api-7.0.27-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-webapps-7.0.27-2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-03-27T15:26:45", "description": "Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (') characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE:\nthis issue exists because of an incomplete fix for CVE-2007-3385 (CVE-2007-5333).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter (CVE-2009-0580).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:176)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3385", "CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2010-176.NASL", "href": "https://www.tenable.com/plugins/nessus/49206", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:176. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49206);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(27706, 35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544);\n script_xref(name:\"MDVSA\", value:\"2010:176\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:176)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\nthrough 4.1.36 does not properly handle (1) double quote (')\ncharacters or (2) %5C (encoded backslash) sequences in a cookie value,\nwhich might cause sensitive information such as session IDs to be\nleaked to remote attackers and enable session hijacking attacks. NOTE:\nthis issue exists because of an incomplete fix for CVE-2007-3385\n(CVE-2007-5333).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0\nthrough 6.0.18, and possibly earlier versions normalizes the target\npathname before filtering the query string when using the\nRequestDispatcher method, which allows remote attackers to bypass\nintended access restrictions and conduct directory traversal attacks\nvia .. (dot dot) sequences and the WEB-INF directory in a Request\n(CVE-2008-5515).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18, when the Java AJP connector and mod_jk load balancing\nare used, allows remote attackers to cause a denial of service\n(application outage) via a crafted request with invalid headers,\nrelated to temporary blocking of connectors that have encountered\nerrors, as demonstrated by an error involving a malformed HTTP Host\nheader (CVE-2009-0033).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18, when FORM authentication is used, allows remote\nattackers to enumerate valid usernames via requests to\n/j_security_check with malformed URL encoding of passwords, related to\nimproper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\nand (3) JDBCRealm authentication realms, as demonstrated by a %\n(percent) value for the j_password parameter (CVE-2009-0580).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18 permits web applications to replace an XML parser used\nfor other web applications, which allows local users to read or modify\nthe (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\napplications via a crafted application that is loaded earlier than the\ntarget application (CVE-2009-0783).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. (dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2008.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-admin-webapps-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-common-lib-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-server-lib-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-webapps-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T13:01:22", "description": "Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal. Further details on the individual security issues can be found on the Apache Tomcat 5 vulnerabilities page.", "cvss3": {"score": 4.2, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}, "published": "2011-03-30T00:00:00", "type": "nessus", "title": "Debian DSA-2207-1 : tomcat5.5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat5.5", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2207.NASL", "href": "https://www.tenable.com/plugins/nessus/53212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2207. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53212);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37944, 37945, 39635, 41544);\n script_xref(name:\"DSA\", value:\"2207\");\n\n script_name(english:\"Debian DSA-2207-1 : tomcat5.5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found on the Apache Tomcat 5\nvulnerabilities page.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2207\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat5.5 packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5.\ntomcat6 is already fixed.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"tomcat5.5\", reference:\"5.5.26-5lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:58:04", "description": "The remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.\n Impact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server&rsquo;s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 4.2, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}, "published": "2012-06-25T00:00:00", "type": "nessus", "title": "GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tomcat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-24.NASL", "href": "https://www.tenable.com/plugins/nessus/59677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-24.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59677);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544, 45015, 46164, 46174, 46177, 46685, 47196, 47199, 47886, 48456, 48667, 49143, 49147, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"GLSA\", value:\"201206-24\");\n\n script_name(english:\"GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-24\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to\n hijack a session, to bypass authentication, to inject webscript, to\n enumerate valid usernames, to read, modify and overwrite arbitrary files,\n to bypass intended access restrictions, to delete work-directory files,\n to discover the server&rsquo;s hostname or IP, to bypass read permissions for\n files or HTTP headers, to read or write files outside of the intended\n working directory, and to obtain sensitive information by reading a log\n file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n All Apache Tomcat 7.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"rge 6.0.35\", \"ge 7.0.23\", \"rge 6.0.44\", \"rge 6.0.45\", \"rge 6.0.46\", \"rge 6.0.47\", \"rge 6.0.48\"), vulnerable:make_list(\"lt 7.0.23\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-18T14:04:36", "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied.\n\nThis security update contains fixes for the following products :\n\n - AppKit\n - Application Firewall\n - AFP Server\n - Apache\n - ClamAV\n - CoreTypes\n - CUPS\n - curl\n - Cyrus IMAP\n - Cyrus SASL\n - Disk Images\n - Directory Services\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - Image RAW\n - Libsystem\n - Mail\n - Mailman\n - OS Services\n - Password Server\n - perl\n - PHP\n - PS Normalizer\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - unzip\n - vim\n - Wiki Server\n - X11\n - xar", "cvss3": {"score": null, "vector": null}, "published": "2010-03-29T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2010-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-0564", "CVE-2008-0888", "CVE-2008-2712", "CVE-2008-4101", "CVE-2008-5302", "CVE-2008-5303", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0037", "CVE-2009-0316", "CVE-2009-0580", "CVE-2009-0688", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2632", "CVE-2009-2693", "CVE-2009-2801", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0055", "CVE-2010-0056", "CVE-2010-0057", "CVE-2010-0058", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0503", "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0506", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0513", "CVE-2010-0521", "CVE-2010-0522", "CVE-2010-0523", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0533"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2010-002.NASL", "href": "https://www.tenable.com/plugins/nessus/45373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45373);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2003-0063\",\n \"CVE-2006-1329\",\n \"CVE-2008-0564\",\n \"CVE-2008-0888\",\n \"CVE-2008-2712\",\n \"CVE-2008-4101\",\n \"CVE-2008-5302\",\n \"CVE-2008-5303\",\n \"CVE-2008-5515\",\n \"CVE-2009-0033\",\n \"CVE-2009-0037\",\n \"CVE-2009-0316\",\n \"CVE-2009-0580\",\n \"CVE-2009-0688\",\n \"CVE-2009-0689\",\n \"CVE-2009-0781\",\n \"CVE-2009-0783\",\n \"CVE-2009-1904\",\n \"CVE-2009-2042\",\n \"CVE-2009-2417\",\n \"CVE-2009-2422\",\n \"CVE-2009-2632\",\n \"CVE-2009-2693\",\n \"CVE-2009-2801\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-2906\",\n \"CVE-2009-3009\",\n \"CVE-2009-3095\",\n \"CVE-2009-3557\",\n \"CVE-2009-3558\",\n \"CVE-2009-3559\",\n \"CVE-2009-4142\",\n \"CVE-2009-4143\",\n \"CVE-2009-4214\",\n \"CVE-2010-0041\",\n \"CVE-2010-0042\",\n \"CVE-2010-0055\",\n \"CVE-2010-0056\",\n \"CVE-2010-0057\",\n \"CVE-2010-0058\",\n \"CVE-2010-0063\",\n \"CVE-2010-0065\",\n \"CVE-2010-0393\",\n \"CVE-2010-0497\",\n \"CVE-2010-0498\",\n \"CVE-2010-0500\",\n \"CVE-2010-0501\",\n \"CVE-2010-0502\",\n \"CVE-2010-0503\",\n \"CVE-2010-0504\",\n \"CVE-2010-0505\",\n \"CVE-2010-0506\",\n \"CVE-2010-0507\",\n \"CVE-2010-0508\",\n \"CVE-2010-0509\",\n \"CVE-2010-0510\",\n \"CVE-2010-0513\",\n \"CVE-2010-0521\",\n \"CVE-2010-0522\",\n \"CVE-2010-0523\",\n \"CVE-2010-0524\",\n \"CVE-2010-0525\",\n \"CVE-2010-0533\"\n );\n script_bugtraq_id(\n 6940,\n 12767,\n 17155,\n 27630,\n 28288,\n 29715,\n 30795,\n 33447,\n 33962,\n 34961,\n 35193,\n 35196,\n 35233,\n 35263,\n 35278,\n 35416,\n 35510,\n 35579,\n 36032,\n 36278,\n 36296,\n 36377,\n 36554,\n 36555,\n 36573,\n 37142,\n 37389,\n 37390,\n 37942,\n 37944,\n 37945,\n 38524,\n 38676,\n 38677,\n 39151,\n 39156,\n 39157,\n 39169,\n 39170,\n 39171,\n 39172,\n 39175,\n 39194,\n 39231,\n 39232,\n 39234,\n 39245,\n 39252,\n 39255,\n 39256,\n 39264,\n 39268,\n 39273,\n 39274,\n 39277,\n 39279,\n 39281,\n 39289,\n 39290,\n 39292\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2010-002)\");\n script_summary(english:\"Check for the presence of Security Update 2010-002\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2010-002 applied.\n\nThis security update contains fixes for the following products :\n\n - AppKit\n - Application Firewall\n - AFP Server\n - Apache\n - ClamAV\n - CoreTypes\n - CUPS\n - curl\n - Cyrus IMAP\n - Cyrus SASL\n - Disk Images\n - Directory Services\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - Image RAW\n - Libsystem\n - Mail\n - Mailman\n - OS Services\n - Password Server\n - perl\n - PHP\n - PS Normalizer\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - unzip\n - vim\n - Wiki Server\n - X11\n - xar\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4077\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/19364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2010-002 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 119, 189, 200, 264, 287, 310, 352, 362);\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) exit(1, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^9\\.[0-8]\\.\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2010\\.00[2-9]|201[1-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2010-002 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T15:33:19", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3.\n\nMac OS X 10.6.3 contains security fixes for the following products :\n\n - AFP Server\n - Apache\n - CoreAudio\n - CoreMedia\n - CoreTypes\n - CUPS\n - DesktopServices\n - Disk Images\n - Directory Services\n - Dovecot\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - ImageIO\n - Image RAW\n - Libsystem\n - Mail\n - MySQL\n - OS Services\n - Password Server\n - PHP\n - Podcast Producer\n - Preferences\n - PS Normalizer\n - QuickTime\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - Wiki Server\n - X11", "cvss3": {"score": null, "vector": null}, "published": "2010-03-29T00:00:00", "type": "nessus", "title": "Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-4456", "CVE-2008-5515", "CVE-2008-7247", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4017", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0057", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0511", "CVE-2010-0512", "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517", "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0521", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526", "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_6_3.NASL", "href": "https://www.tenable.com/plugins/nessus/45372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45372);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2003-0063\",\n \"CVE-2006-1329\",\n \"CVE-2008-4456\",\n \"CVE-2008-5515\",\n \"CVE-2008-7247\",\n \"CVE-2009-0033\",\n \"CVE-2009-0580\",\n \"CVE-2009-0689\",\n \"CVE-2009-0781\",\n \"CVE-2009-0783\",\n \"CVE-2009-1904\",\n \"CVE-2009-2042\",\n \"CVE-2009-2417\",\n \"CVE-2009-2422\",\n \"CVE-2009-2446\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-2906\",\n \"CVE-2009-3009\",\n \"CVE-2009-3095\",\n \"CVE-2009-3557\",\n \"CVE-2009-3558\",\n \"CVE-2009-3559\",\n \"CVE-2009-4017\",\n \"CVE-2009-4019\",\n \"CVE-2009-4030\",\n \"CVE-2009-4214\",\n \"CVE-2010-0041\",\n \"CVE-2010-0042\",\n \"CVE-2010-0043\",\n \"CVE-2010-0057\",\n \"CVE-2010-0059\",\n \"CVE-2010-0060\",\n \"CVE-2010-0062\",\n \"CVE-2010-0063\",\n \"CVE-2010-0064\",\n \"CVE-2010-0065\",\n \"CVE-2010-0393\",\n \"CVE-2010-0497\",\n \"CVE-2010-0498\",\n \"CVE-2010-0500\",\n \"CVE-2010-0501\",\n \"CVE-2010-0502\",\n \"CVE-2010-0504\",\n \"CVE-2010-0505\",\n \"CVE-2010-0507\",\n \"CVE-2010-0508\",\n \"CVE-2010-0509\",\n \"CVE-2010-0510\",\n \"CVE-2010-0511\",\n \"CVE-2010-0512\",\n \"CVE-2010-0513\",\n \"CVE-2010-0514\",\n \"CVE-2010-0515\",\n \"CVE-2010-0516\",\n \"CVE-2010-0517\",\n \"CVE-2010-0518\",\n \"CVE-2010-0519\",\n \"CVE-2010-0520\",\n \"CVE-2010-0521\",\n \"CVE-2010-0524\",\n \"CVE-2010-0525\",\n \"CVE-2010-0526\",\n \"CVE-2010-0533\",\n \"CVE-2010-0534\",\n \"CVE-2010-0535\",\n \"CVE-2010-0537\"\n );\n script_bugtraq_id(\n 6940,\n 17155,\n 31486,\n 35193,\n 35196,\n 35233,\n 35263,\n 35278,\n 35416,\n 35510,\n 35579,\n 35609,\n 36032,\n 36278,\n 36554,\n 36555,\n 36573,\n 37075,\n 37142,\n 37297,\n 37942,\n 37944,\n 37945,\n 38043,\n 38524,\n 38673,\n 38676,\n 38677,\n 39151,\n 39153,\n 39157,\n 39160,\n 39161,\n 39171,\n 39172,\n 39175,\n 39194,\n 39230,\n 39231,\n 39232,\n 39234,\n 39236,\n 39252,\n 39255,\n 39256,\n 39258,\n 39264,\n 39268,\n 39273,\n 39274,\n 39278,\n 39279,\n 39281,\n 39291\n );\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.3.\n\nMac OS X 10.6.3 contains security fixes for the following products :\n\n - AFP Server\n - Apache\n - CoreAudio\n - CoreMedia\n - CoreTypes\n - CUPS\n - DesktopServices\n - Disk Images\n - Directory Services\n - Dovecot\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - ImageIO\n - Image RAW\n - Libsystem\n - Mail\n - MySQL\n - OS Services\n - Password Server\n - PHP\n - Podcast Producer\n - Preferences\n - PS Normalizer\n - QuickTime\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - Wiki Server\n - X11\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4077\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/19364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.3 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 59, 79, 119, 134, 189, 200, 264, 287, 310);\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n c = get_kb_item(\"Host/OS/Confidence\");\n if ( isnull(os) || c <= 70 ) exit(0);\n}\nif (!os) exit(1, \"The 'Host/OS' KB item is missing.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[0-2]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:04:50", "description": "The remote host is running a version of Mac OS X 10.6 that is older than version 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products :\n\n - AFP Server\n\n - Apache\n\n - CoreAudio\n\n - CoreMedia\n\n - CoreTypes\n\n - CUPS\n\n - DesktopServices\n\n - Disk Images\n\n - Directory Services\n\n - Dovecot\n\n - Event Monitor\n\n - FreeRADIUS\n\n - FTP Server\n\n - iChat Server\n\n - ImageIO\n\n - Image RAW\n\n - Libsystem\n\n - Mail\n\n - MySQL\n\n - OS Services\n\n - Password Server\n\n - PHP\n\n - Podcast Producer\n\n - Preferences\n\n - PS Normalizer\n\n - QuickTime\n\n - Ruby\n\n - Server Admin\n\n - SMB\n\n - Tomcat\n\n - Wiki Server\n\n - X11", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2010-03-30T00:00:00", "type": "nessus", "title": "Mac OS X < 10.6.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0580", "CVE-2009-2042", "CVE-2009-4017", "CVE-2009-0689", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0783", "CVE-2008-7247", "CVE-2009-4019", "CVE-2009-4030", "CVE-2008-4456", "CVE-2009-2446", "CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2902", "CVE-2003-0063", "CVE-2009-1904", "CVE-2009-2417", "CVE-2009-2906", "CVE-2009-3095", "CVE-2006-1329", "CVE-2009-2901", "CVE-2010-0393", "CVE-2010-0500", "CVE-2009-4214", "CVE-2010-0509", "CVE-2010-0513", "CVE-2010-0520", "CVE-2010-0526", "CVE-2010-0512", "CVE-2010-0059", "CVE-2010-0057", "CVE-2010-0517", "CVE-2010-0519", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3009", "CVE-2010-0504", "CVE-2010-0516", "CVE-2009-2422", "CVE-2009-3559", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0505", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0510", "CVE-2010-0511", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0518", "CVE-2010-0521", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "5489.PRM", "href": "https://www.tenable.com/plugins/nnm/5489", "sourceData": "Binary data 5489.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:43:11", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :\n\n - Apache Tomcat \n - Apache Tomcat Manager\n - cURL \n - Java Runtime Environment (JRE)\n - Kernel \n - Microsoft SQL Express\n - OpenSSL\n - pam_krb5", "cvss3": {"score": null, "vector": null}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0085", "CVE-2008-0086", "CVE-2008-0106", "CVE-2008-0107", "CVE-2008-3825", "CVE-2008-5416", "CVE-2009-1384", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548", "CVE-2009-3555", "CVE-2009-4308", "CVE-2010-0003", "CVE-2010-0007", "CVE-2010-0008", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0291", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0415", "CVE-2010-0433", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0730", "CVE-2010-0734", "CVE-2010-0740", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0850", "CVE-2010-0886", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1157", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1321", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2227", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2928", "CVE-2010-2939", "CVE-2010-3081", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3559", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3864"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2011-0003_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89674);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2008-0085\",\n \"CVE-2008-0086\",\n \"CVE-2008-0106\",\n \"CVE-2008-0107\",\n \"CVE-2008-3825\",\n \"CVE-2008-5416\",\n \"CVE-2009-1384\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-3548\",\n \"CVE-2009-3555\",\n \"CVE-2009-4308\",\n \"CVE-2010-0003\",\n \"CVE-2010-0007\",\n \"CVE-2010-0008\",\n \"CVE-2010-0082\",\n \"CVE-2010-0084\",\n \"CVE-2010-0085\",\n \"CVE-2010-0087\",\n \"CVE-2010-0088\",\n \"CVE-2010-0089\",\n \"CVE-2010-0090\",\n \"CVE-2010-0091\",\n \"CVE-2010-0092\",\n \"CVE-2010-0093\",\n \"CVE-2010-0094\",\n \"CVE-2010-0095\",\n \"CVE-2010-0291\",\n \"CVE-2010-0307\",\n \"CVE-2010-0410\",\n \"CVE-2010-0415\",\n \"CVE-2010-0433\",\n \"CVE-2010-0437\",\n \"CVE-2010-0622\",\n \"CVE-2010-0730\",\n \"CVE-2010-0734\",\n \"CVE-2010-0740\",\n \"CVE-2010-0837\",\n \"CVE-2010-0838\",\n \"CVE-2010-0839\",\n \"CVE-2010-0840\",\n \"CVE-2010-0841\",\n \"CVE-2010-0842\",\n \"CVE-2010-0843\",\n \"CVE-2010-0844\",\n \"CVE-2010-0845\",\n \"CVE-2010-0846\",\n \"CVE-2010-0847\",\n \"CVE-2010-0848\",\n \"CVE-2010-0849\",\n \"CVE-2010-0850\",\n \"CVE-2010-0886\",\n \"CVE-2010-1084\",\n \"CVE-2010-1085\",\n \"CVE-2010-1086\",\n \"CVE-2010-1087\",\n \"CVE-2010-1088\",\n \"CVE-2010-1157\",\n \"CVE-2010-1173\",\n \"CVE-2010-1187\",\n \"CVE-2010-1321\",\n \"CVE-2010-1436\",\n \"CVE-2010-1437\",\n \"CVE-2010-1641\",\n \"CVE-2010-2066\",\n \"CVE-2010-2070\",\n \"CVE-2010-2226\",\n \"CVE-2010-2227\",\n \"CVE-2010-2240\",\n \"CVE-2010-2248\",\n \"CVE-2010-2521\",\n \"CVE-2010-2524\",\n \"CVE-2010-2928\",\n \"CVE-2010-2939\",\n \"CVE-2010-3081\",\n \"CVE-2010-3541\",\n \"CVE-2010-3548\",\n \"CVE-2010-3549\",\n \"CVE-2010-3550\",\n \"CVE-2010-3551\",\n \"CVE-2010-3553\",\n \"CVE-2010-3554\",\n \"CVE-2010-3556\",\n \"CVE-2010-3557\",\n \"CVE-2010-3559\",\n \"CVE-2010-3561\",\n \"CVE-2010-3562\",\n \"CVE-2010-3565\",\n \"CVE-2010-3566\",\n \"CVE-2010-3567\",\n \"CVE-2010-3568\",\n \"CVE-2010-3569\",\n \"CVE-2010-3571\",\n \"CVE-2010-3572\",\n \"CVE-2010-3573\",\n \"CVE-2010-3574\",\n \"CVE-2010-3864\"\n );\n script_bugtraq_id(\n 30082,\n 30083,\n 30118,\n 30119,\n 31534,\n 32710,\n 35112,\n 36935,\n 36954,\n 37724,\n 37762,\n 37906,\n 37942,\n 37944,\n 37945,\n 38027,\n 38058,\n 38144,\n 38162,\n 38165,\n 38185,\n 38348,\n 38479,\n 38533,\n 38857,\n 38898,\n 39013,\n 39044,\n 39062,\n 39067,\n 39068,\n 39069,\n 39070,\n 39071,\n 39072,\n 39073,\n 39075,\n 39077,\n 39078,\n 39081,\n 39082,\n 39083,\n 39084,\n 39085,\n 39086,\n 39088,\n 39089,\n 39090,\n 39091,\n 39093,\n 39094,\n 39095,\n 39096,\n 39120,\n 39492,\n 39569,\n 39635,\n 39715,\n 39719,\n 39794,\n 39979,\n 40235,\n 40356,\n 40776,\n 40920,\n 41466,\n 41544,\n 41904,\n 42242,\n 42249,\n 42306,\n 43239,\n 43965,\n 43971,\n 43979,\n 43985,\n 43988,\n 43992,\n 43994,\n 44009,\n 44011,\n 44012,\n 44013,\n 44014,\n 44016,\n 44017,\n 44026,\n 44027,\n 44028,\n 44030,\n 44032,\n 44035,\n 44040,\n 44884\n );\n script_xref(name:\"VMSA\", value:\"2011-0003\");\n\n script_name(english:\"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\ncomponents and libraries :\n\n - Apache Tomcat \n - Apache Tomcat Manager\n - cURL \n - Java Runtime Environment (JRE)\n - Kernel \n - Microsoft SQL Express\n - OpenSSL\n - pam_krb5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2011-0003\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000140.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Plugin Command Line Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\nesx = '';\n\nif (\"ESX\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX/ESXi\");\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX/ESXi\");\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\n# fixed build numbers are the same for ESX and ESXi\nfixes = make_array(\n \"4.0\", \"360236\",\n \"4.1\", \"348481\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware \" + esx, ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n\nif (build < fix)\n{\n\n report = '\\n Version : ' + esx + \" \" + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:34", "description": "a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express.\n\n Customers using other database solutions need not update for these issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users.\n\n The issue is resolved by removing the Manager application in vCenter 4.1 Update 1.\n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\n VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.\n\nf. vCenter Server third-party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL.\n\ng. ESX third-party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update.\n\nh. ESXi third-party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update.\n\ni. ESX third-party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update.\n\nj. ESX third-party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update.\n\n Notes :\n - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.\n - The update also addresses CVE-2010-2240 for ESX 4.0.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0085", "CVE-2008-0086", "CVE-2008-0106", "CVE-2008-0107", "CVE-2008-3825", "CVE-2008-5416", "CVE-2009-1384", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548", "CVE-2009-3555", "CVE-2009-4308", "CVE-2010-0003", "CVE-2010-0007", "CVE-2010-0008", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0291", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0415", "CVE-2010-0433", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0730", "CVE-2010-0734", "CVE-2010-0740", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0850", "CVE-2010-0886", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1157", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1321", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2227", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2928", "CVE-2010-2939", "CVE-2010-3081", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3559", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3864"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1"], "id": "VMWARE_VMSA-2011-0003.NASL", "href": "https://www.tenable.com/plugins/nessus/51971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2011-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51971);\n script_version(\"1.45\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-0085\", \"CVE-2008-0086\", \"CVE-2008-0106\", \"CVE-2008-0107\", \"CVE-2008-3825\", \"CVE-2008-5416\", \"CVE-2009-1384\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2009-3548\", \"CVE-2009-3555\", \"CVE-2009-4308\", \"CVE-2010-0003\", \"CVE-2010-0007\", \"CVE-2010-0008\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0291\", \"CVE-2010-0307\", \"CVE-2010-0410\", \"CVE-2010-0415\", \"CVE-2010-0433\", \"CVE-2010-0437\", \"CVE-2010-0622\", \"CVE-2010-0730\", \"CVE-2010-0734\", \"CVE-2010-0740\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\", \"CVE-2010-0850\", \"CVE-2010-0886\", \"CVE-2010-1084\", \"CVE-2010-1085\", \"CVE-2010-1086\", \"CVE-2010-1087\", \"CVE-2010-1088\", \"CVE-2010-1157\", \"CVE-2010-1173\", \"CVE-2010-1187\", \"CVE-2010-1321\", \"CVE-2010-1436\", \"CVE-2010-1437\", \"CVE-2010-1641\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2227\", \"CVE-2010-2240\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2010-2928\", \"CVE-2010-2939\", \"CVE-2010-3081\", \"CVE-2010-3541\", \"CVE-2010-3548\", \"CVE-2010-3549\", \"CVE-2010-3550\", \"CVE-2010-3551\", \"CVE-2010-3553\", \"CVE-2010-3554\", \"CVE-2010-3556\", \"CVE-2010-3557\", \"CVE-2010-3559\", \"CVE-2010-3561\", \"CVE-2010-3562\", \"CVE-2010-3565\", \"CVE-2010-3566\", \"CVE-2010-3567\", \"CVE-2010-3568\", \"CVE-2010-3569\", \"CVE-2010-3571\", \"CVE-2010-3572\", \"CVE-2010-3573\", \"CVE-2010-3574\", \"CVE-2010-3864\");\n script_bugtraq_id(30082, 30083, 30118, 30119, 31534, 32710, 35112, 36935, 36954, 37724, 37762, 37906, 37942, 37944, 37945, 38027, 38058, 38144, 38162, 38165, 38185, 38348, 38479, 38533, 38857, 38898, 39013, 39044, 39062, 39067, 39068, 39069, 39070, 39071, 39072, 39073, 39075, 39077, 39078, 39081, 39082, 39083, 39084, 39085, 39086, 39088, 39089, 39090, 39091, 39093, 39094, 39095, 39096, 39120, 39492, 39569, 39635, 39715, 39719, 39794, 39979, 40235, 40356, 40776, 40920, 41466, 41544, 41904, 42242, 42249, 42306, 43239, 43965, 43971, 43979, 43985, 43988, 43992, 43994, 44009, 44011, 44012, 44013, 44014, 44016, 44017, 44026, 44027, 44028, 44030, 44032, 44035, 44040, 44884);\n script_xref(name:\"VMSA\", value:\"2011-0003\");\n\n script_name(english:\"VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"a. vCenter Server and vCenter Update Manager update Microsoft\n SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express)\n distributed with vCenter Server 4.1 Update 1 and vCenter Update\n Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2\n to SQL Express Service Pack 3, to address multiple security\n issues that exist in the earlier releases of Microsoft SQL Express.\n\n Customers using other database solutions need not update for\n these issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n Express Service Pack 3.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains\n logon credentials that can be read by unprivileged local users.\n\n The issue is resolved by removing the Manager application in\n vCenter 4.1 Update 1.\n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n credentials are not present in the configuration file after the\n update.\n\n VMware would like to thank Claudio Criscione of Secure Networking\n for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-2928 to this issue.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n CVE-2010-0850.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following name to the security issue fixed in\n Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,\n CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n CVE-2010-3574.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple\n security issues that existed in earlier releases of Apache Tomcat\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i\n and CVE-2009-3548.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.\n\nf. vCenter Server third-party component OpenSSL updated to version\n 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to\n 0.9.8n.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n issues addressed in this version of OpenSSL.\n\ng. ESX third-party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n issues addressed in this update.\n\nh. ESXi third-party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0734 to the issues addressed in\n this update.\n\ni. ESX third-party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n issues addressed in the update.\n\nj. ESX third-party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version\n 2.6.18-194.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n CVE-2010-3081 to the issues addressed in the update.\n\n Notes :\n - The update also addresses the 64-bit compatibility mode\n stack pointer underflow issue identified by CVE-2010-3081. This\n issue was patched in an ESX 4.1 patch prior to the release of\n ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.\n - The update also addresses CVE-2010-2240 for ESX 4.0.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2011/000140.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Plugin Command Line Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2011-02-10\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201103401-SG\",\n patch_updates : make_list(\"ESX400-201104401-SG\", \"ESX400-201110401-SG\", \"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201103403-SG\",\n patch_updates : make_list(\"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201101201-SG\",\n patch_updates : make_list(\"ESX40-TO-ESX41UPDATE01\", \"ESX410-201104401-SG\", \"ESX410-201110201-SG\", \"ESX410-201201401-SG\", \"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update01\", \"ESX410-Update02\", \"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201103401-SG\",\n patch_updates : make_list(\"ESXi400-201104401-SG\", \"ESXi400-201110401-SG\", \"ESXi400-201203401-SG\", \"ESXi400-201205401-SG\", \"ESXi400-201206401-SG\", \"ESXi400-201209401-SG\", \"ESXi400-201302401-SG\", \"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\", \"ESXi400-Update03\", \"ESXi400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201101201-SG\",\n patch_updates : make_list(\"ESXi410-201104401-SG\", \"ESXi410-201110201-SG\", \"ESXi410-201201401-SG\", \"ESXi410-201204401-SG\", \"ESXi410-201205401-SG\", \"ESXi410-201206401-SG\", \"ESXi410-201208101-SG\", \"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update01\", \"ESXi410-Update02\", \"ESXi410-Update03\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:40:13", "description": "Apache Tomcat is prone to a directory-traversal vulnerability and to\n an authentication-bypass vulnerability.", "cvss3": {}, "published": "2010-01-28T00:00:00", "type": "openvas", "title": "Apache Tomcat Multiple Vulnerabilities - Jan10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310100474", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100474", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Multiple Vulnerabilities - Jan10\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100474\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-01-28 18:48:47 +0100 (Thu, 28 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_bugtraq_id(37945, 37942, 37944);\n script_cve_id(\"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2009-2693\");\n script_name(\"Apache Tomcat Multiple Vulnerabilities - Jan10\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37945\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37944\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37942\");\n\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=892815\");\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=902650\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for\n details.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a directory-traversal vulnerability and to\n an authentication-bypass vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Exploiting this issue allows attackers to delete arbitrary files\n within the context of the current working directory or gain unauthorized access to files and directories.\");\n\n script_tag(name:\"affected\", value:\"Tomcat 5.5.0 through 5.5.28\n Tomcat 6.0.0 through 6.0.20\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.28\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.20\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.29/6.0.21\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-12-04T11:18:17", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-899-1", "cvss3": {}, "published": "2010-02-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerabilities USN-899-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840386", "href": "http://plugins.openvas.org/nasl.php?oid=840386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_899_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for tomcat6 vulnerabilities USN-899-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat did not correctly validate WAR filenames or\n paths when deploying. A remote attacker could send a specially crafted WAR\n file to be deployed and cause arbitrary files and directories to be\n created, overwritten, or deleted.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-899-1\";\ntag_affected = \"tomcat6 vulnerabilities on Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-899-1/\");\n script_id(840386);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"899-1\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n script_name(\"Ubuntu Update for tomcat6 vulnerabilities USN-899-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:54:31", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-899-1", "cvss3": {}, "published": "2010-02-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerabilities USN-899-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:1361412562310840386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_899_1.nasl 8314 2018-01-08 08:01:01Z teissa $\n#\n# Ubuntu Update for tomcat6 vulnerabilities USN-899-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat did not correctly validate WAR filenames or\n paths when deploying. A remote attacker could send a specially crafted WAR\n file to be deployed and cause arbitrary files and directories to be\n created, overwritten, or deleted.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-899-1\";\ntag_affected = \"tomcat6 vulnerabilities on Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-899-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840386\");\n script_version(\"$Revision: 8314 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 09:01:01 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"899-1\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\");\n script_name(\"Ubuntu Update for tomcat6 vulnerabilities USN-899-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.18-0ubuntu6.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.18-0ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:05:50", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-2902"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310831151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\n files that remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements via HTTP\n requests (CVE-2009-2901).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\n work-directory files via directory traversal sequences in a WAR\n filename, as demonstrated by the ...war filename (CVE-2009-2902).\n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server's hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157).\n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831151\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:177\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:26", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-2902"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:831151", "href": "http://plugins.openvas.org/nasl.php?oid=831151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\n files that remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements via HTTP\n requests (CVE-2009-2901).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\n work-directory files via directory traversal sequences in a WAR\n filename, as demonstrated by the ...war filename (CVE-2009-2902).\n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server's hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157).\n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00011.php\");\n script_id(831151);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:177\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:22", "description": "Check for the Version of Tomcat Servlet Engine", "cvss3": {}, "published": "2010-06-23T00:00:00", "type": "openvas", "title": "HP-UX Update for Tomcat Servlet Engine HPSBUX02541", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2009-3548"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:835237", "href": "http://plugins.openvas.org/nasl.php?oid=835237", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Tomcat Servlet Engine HPSBUX02541\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote increase in privilege\n arbitrary file modification\";\ntag_affected = \"Tomcat Servlet Engine on\n HP-UX B.11.11, B.11.23 and B.11.31 running Tomcat-based Servlet Engine \n v5.5.27.03 or earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely \n to increase privilege or arbitrarily modify files. Tomcat-based Servlet \n Engine is contained in the Apache Web Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02241113\");\n script_id(835237);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-23 12:17:53 +0200 (Wed, 23 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02541\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2009-3548\");\n script_name(\"HP-UX Update for Tomcat Servlet Engine HPSBUX02541\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Tomcat Servlet Engine\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:00", "description": "Check for the Version of Tomcat Servlet Engine", "cvss3": {}, "published": "2010-06-23T00:00:00", "type": "openvas", "title": "HP-UX Update for Tomcat Servlet Engine HPSBUX02541", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2009-3548"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:1361412562310835237", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835237", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Tomcat Servlet Engine HPSBUX02541\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote increase in privilege\n arbitrary file modification\";\ntag_affected = \"Tomcat Servlet Engine on\n HP-UX B.11.11, B.11.23 and B.11.31 running Tomcat-based Servlet Engine \n v5.5.27.03 or earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely \n to increase privilege or arbitrarily modify files. Tomcat-based Servlet \n Engine is contained in the Apache Web Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02241113\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835237\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-23 12:17:53 +0200 (Wed, 23 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02541\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2009-3548\");\n script_name(\"HP-UX Update for Tomcat Servlet Engine HPSBUX02541\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Tomcat Servlet Engine\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.5.5.29.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-14T18:58:49", "description": "Oracle Linux Local Security Checks ELSA-2010-0580", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0580", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122335", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122335\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:01 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0580\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0580 - tomcat5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0580\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0580.html\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-12-14T11:48:47", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2010:0580-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:870302", "href": "http://plugins.openvas.org/nasl.php?oid=870302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2010:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the &quot;time&quot; parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00000.html\");\n script_id(870302);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0580-01\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"RedHat Update for tomcat5 RHSA-2010:0580-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:35", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2010:0580-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310870302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2010:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the &quot;time&quot; parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870302\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0580-01\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"RedHat Update for tomcat5 RHSA-2010:0580-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2010:0580 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880632\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0580\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the 'time' parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:30", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2010:0580 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880632", "href": "http://plugins.openvas.org/nasl.php?oid=880632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n \n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the &quot;time&quot; parameter. (CVE-2009-2696)\n \n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n \n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\");\n script_id(880632);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0580\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:41", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2007-5333", "CVE-2009-2693", "CVE-2009-0580", "CVE-2008-5515", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-0783", "CVE-2007-3385", "CVE-2009-2902"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:1361412562310831148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\n through 4.1.36 does not properly handle (1) double quote (&quot;) characters\n or (2) \\%5C (encoded backslash) sequences in a cookie value, which\n might cause sensitive information such as session IDs to be leaked\n to remote attackers and enable session hijacking attacks. NOTE:\n this issue exists because of an incomplete fix for CVE-2007-3385\n (CVE-2007-5333).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through\n 6.0.18, and possibly earlier versions normalizes the target pathname\n before filtering the query string when using the RequestDispatcher\n method, which allows remote attackers to bypass intended access\n restrictions and conduct directory traversal attacks via .. (dot dot)\n sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18, when the Java AJP connector and mod_jk load balancing\n are used, allows remote attackers to cause a denial of service\n (application outage) via a crafted request with invalid headers,\n related to temporary blocking of connectors that have encountered\n errors, as demonstrated by an error involving a malformed HTTP Host\n header (CVE-2009-0033).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and\n 6.0.0 through 6.0.18, when FORM authentication is used, allows\n remote attackers to enumerate valid usernames via requests to\n /j_security_check with malformed URL encoding of passwords, related to\n improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\n and (3) JDBCRealm authentication realms, as demonstrated by a \\%\n (percent) value for the j_password parameter (CVE-2009-0580).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18 permits web applications to replace an XML parser used\n for other web applications, which allows local users to read or modify\n the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\n applications via a crafted application that is loaded earlier than\n the target application (CVE-2009-0783).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 a ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831148\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:176\");\n script_cve_id(\"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:51", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2007-5333", "CVE-2009-2693", "CVE-2009-0580", "CVE-2008-5515", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-0783", "CVE-2007-3385", "CVE-2009-2902"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:831148", "href": "http://plugins.openvas.org/nasl.php?oid=831148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\n through 4.1.36 does not properly handle (1) double quote (&quot;) characters\n or (2) \\%5C (encoded backslash) sequences in a cookie value, which\n might cause sensitive information such as session IDs to be leaked\n to remote attackers and enable session hijacking attacks. NOTE:\n this issue exists because of an incomplete fix for CVE-2007-3385\n (CVE-2007-5333).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through\n 6.0.18, and possibly earlier versions normalizes the target pathname\n before filtering the query string when using the RequestDispatcher\n method, which allows remote attackers to bypass intended access\n restrictions and conduct directory traversal attacks via .. (dot dot)\n sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18, when the Java AJP connector and mod_jk load balancing\n are used, allows remote attackers to cause a denial of service\n (application outage) via a crafted request with invalid headers,\n related to temporary blocking of connectors that have encountered\n errors, as demonstrated by an error involving a malformed HTTP Host\n header (CVE-2009-0033).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and\n 6.0.0 through 6.0.18, when FORM authentication is used, allows\n remote attackers to enumerate valid usernames via requests to\n /j_security_check with malformed URL encoding of passwords, related to\n improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\n and (3) JDBCRealm authentication realms, as demonstrated by a \\%\n (percent) value for the j_password parameter (CVE-2009-0580).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18 permits web applications to replace an XML parser used\n for other web applications, which allows local users to read or modify\n the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\n applications via a crafted application that is loaded earlier than\n the target application (CVE-2009-0783).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 a ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00010.php\");\n script_id(831148);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:176\");\n script_cve_id(\"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:37", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.", "cvss3": {}, "published": "2011-05-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2207-1 (tomcat5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:69417", "href": "http://plugins.openvas.org/nasl.php?oid=69417", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2207_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2207-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found at\nhttp://tomcat.apache.org/security-5.html.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nWe recommend that you upgrade your tomcat5.5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1\";\n\n\nif(description)\n{\n script_id(69417);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Debian Security Advisory DSA 2207-1 (tomcat5.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:39", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.", "cvss3": {}, "published": "2011-05-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2207-1 (tomcat5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231069417", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069417", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2207_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2207-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69417\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Debian Security Advisory DSA 2207-1 (tomcat5.5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1\");\n script_tag(name:\"insight\", value:\"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tomcat5.5 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-24T12:50:53", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71550", "href": "http://plugins.openvas.org/nasl.php?oid=71550", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\";\ntag_solution = \"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\nhttp://bugs.gentoo.org/show_bug.cgi?id=272566\nhttp://bugs.gentoo.org/show_bug.cgi?id=273662\nhttp://bugs.gentoo.org/show_bug.cgi?id=303719\nhttp://bugs.gentoo.org/show_bug.cgi?id=320963\nhttp://bugs.gentoo.org/show_bug.cgi?id=329937\nhttp://bugs.gentoo.org/show_bug.cgi?id=373987\nhttp://bugs.gentoo.org/show_bug.cgi?id=374619\nhttp://bugs.gentoo.org/show_bug.cgi?id=382043\nhttp://bugs.gentoo.org/show_bug.cgi?id=386213\nhttp://bugs.gentoo.org/show_bug.cgi?id=396401\nhttp://bugs.gentoo.org/show_bug.cgi?id=399227\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\";\n\n \n \nif(description)\n{\n script_id(71550);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071550", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_24.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71550\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\");\n script_tag(name:\"solution\", value:\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=272566\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=273662\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=303719\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=320963\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=329937\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373987\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=374619\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=382043\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386213\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=396401\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=399227\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:09:54", "description": "The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002.\n One or more of the following components are affected:\n\n AppKit\n Application Firewall\n AFP Server\n Apache\n ClamAV\n CoreAudio\n CoreMedia\n CoreTypes\n CUPS\n curl\n Cyrus IMAP\n Cyrus SASL\n DesktopServices\n Disk Images\n Directory Services\n Dovecot\n Event Monitor\n FreeRADIUS\n FTP Server\n iChat Server\n ImageIO\n Image RAW\n Libsystem\n Mail\n Mailman\n MySQL\n OS Services\n Password Server\n perl\n PHP\n Podcast Producer\n Preferences\n PS Normalizer\n QuickTime\n Ruby\n Server Admin\n SMB\n Tomcat\n unzip\n vim\n Wiki Server\n X11\n xar", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0060", "CVE-2010-0517", "CVE-2010-0505", "CVE-2009-2906", "CVE-2008-0564", "CVE-2010-0041", "CVE-2009-2446", "CVE-2009-3558", "CVE-2009-2417", "CVE-2008-0888", "CVE-2010-0498", "CVE-2010-0506", "CVE-2009-2632", "CVE-2008-5302", "CVE-2009-0033", "CVE-2008-4456", "CVE-2010-0515", "CVE-2010-0500", "CVE-2009-1904", "CVE-2010-0537", "CVE-2009-4030", "CVE-2010-0522", "CVE-2008-5303", "CVE-2010-0520", "CVE-2010-0504", "CVE-2010-0514", "CVE-2009-2693", "CVE-2010-0519", "CVE-2009-2042", "CVE-2010-0510", "CVE-2010-0511", "CVE-2009-0580", "CVE-2010-0512", "CVE-2009-0781", "CVE-2009-4214", "CVE-2008-5515", "CVE-2003-0063", "CVE-2009-2801", "CVE-2010-0055", "CVE-2009-0688", "CVE-2010-0523", "CVE-2010-0497", "CVE-2010-0503", "CVE-2010-0056", "CVE-2010-0533", "CVE-2010-0501", "CVE-2009-0316", "CVE-2009-3009", "CVE-2010-0062", "CVE-2009-4142", "CVE-2010-0507", "CVE-2010-0508", "CVE-2009-0689", "CVE-2009-0037", "CVE-2010-0525", "CVE-2009-2901", "CVE-2008-4101", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0509", "CVE-2009-2422", "CVE-2009-3095", "CVE-2010-0058", "CVE-2010-0059", "CVE-2009-4017", "CVE-2010-0535", "CVE-2009-0783", "CVE-2009-4143", "CVE-2010-0043", "CVE-2010-0518", "CVE-2010-0526", "CVE-2010-0516", "CVE-2010-0513", "CVE-2009-3559", "CVE-2010-0502", "CVE-2008-7247", "CVE-2006-1329", "CVE-2009-2902", "CVE-2010-0057", "CVE-2008-2712", "CVE-2009-4019", "CVE-2010-0521", "CVE-2010-0393", "CVE-2010-0524", "CVE-2010-0064", "CVE-2010-0534", "CVE-2010-0042", "CVE-2009-3557"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102039", "href": "http://plugins.openvas.org/nasl.php?oid=102039", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002\n#\n# LSS-NVT-2010-028\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT4077\";\n\ntag_summary = \"The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002.\n One or more of the following components are affected:\n\n AppKit\n Application Firewall\n AFP Server\n Apache\n ClamAV\n CoreAudio\n CoreMedia\n CoreTypes\n CUPS\n curl\n Cyrus IMAP\n Cyrus SASL\n DesktopServices\n Disk Images\n Directory Services\n Dovecot\n Event Monitor\n FreeRADIUS\n FTP Server\n iChat Server\n ImageIO\n Image RAW\n Libsystem\n Mail\n Mailman\n MySQL\n OS Services\n Password Server\n perl\n PHP\n Podcast Producer\n Preferences\n PS Normalizer\n QuickTime\n Ruby\n Server Admin\n SMB\n Tomcat\n unzip\n vim\n Wiki Server\n X11\n xar\";\n\n\nif(description)\n{\n script_id(102039);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2010-0056\",\"CVE-2009-2801\",\"CVE-2010-0057\",\"CVE-2010-0533\",\"CVE-2009-3095\",\"CVE-2010-0058\",\"CVE-2010-0059\",\"CVE-2010-0060\",\"CVE-2010-0062\",\"CVE-2010-0063\",\"CVE-2010-0393\",\"CVE-2009-2417\",\"CVE-2009-0037\",\"CVE-2009-2632\",\"CVE-2009-0688\",\"CVE-2010-0064\",\"CVE-2010-0537\",\"CVE-2010-0065\",\"CVE-2010-0497\",\"CVE-2010-0498\",\"CVE-2010-0535\",\"CVE-2010-0500\",\"CVE-2010-0524\",\"CVE-2010-0501\",\"CVE-2006-1329\",\"CVE-2010-0502\",\"CVE-2010-0503\",\"CVE-2010-0504\",\"CVE-2010-0505\",\"CVE-2010-0041\",\"CVE-2010-0042\",\"CVE-2010-0043\",\"CVE-2010-0506\",\"CVE-2010-0507\",\"CVE-2009-0689\",\"CVE-2010-0508\",\"CVE-2010-0525\",\"CVE-2008-0564\",\"CVE-2008-4456\",\"CVE-2008-7247\",\"CVE-2009-2446\",\"CVE-2009-4019\",\"CVE-2009-4030\",\"CVE-2010-0509\",\"CVE-2010-0510\",\"CVE-2008-5302\",\"CVE-2008-5303\",\"CVE-2009-3557\",\"CVE-2009-3558\",\"CVE-2009-3559\",\"CVE-2009-4017\",\"CVE-2009-4142\",\"CVE-2009-4143\",\"CVE-2010-0511\",\"CVE-2010-0512\",\"CVE-2010-0513\",\"CVE-2010-0514\",\"CVE-2010-0515\",\"CVE-2010-0516\",\"CVE-2010-0517\",\"CVE-2010-0518\",\"CVE-2010-0519\",\"CVE-2010-0520\",\"CVE-2010-0526\",\"CVE-2009-2422\",\"CVE-2009-3009\",\"CVE-2009-4214\",\"CVE-2009-1904\",\"CVE-2010-0521\",\"CVE-2010-0522\",\"CVE-2009-2906\",\"CVE-2009-0580\",\"CVE-2009-0033\",\"CVE-2009-0783\",\"CVE-2008-5515\",\"CVE-2009-0781\",\"CVE-2009-2901\",\"CVE-2009-2902\",\"CVE-2009-2693\",\"CVE-2008-0888\",\"CVE-2008-2712\",\"CVE-2008-4101\",\"CVE-2009-0316\",\"CVE-2010-0523\",\"CVE-2010-0534\",\"CVE-2009-2042\",\"CVE-2003-0063\",\"CVE-2010-0055\");\n script_name(\"Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\",\"Mac OS X 10.6.2\",\"Mac OS X Server 10.6.2\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.002\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.002\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.2\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.3\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.2\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.3\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:11", "description": "The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002.", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0060", "CVE-2010-0517", "CVE-2010-0505", "CVE-2009-2906", "CVE-2008-0564", "CVE-2010-0041", "CVE-2009-2446", "CVE-2009-3558", "CVE-2009-2417", "CVE-2008-0888", "CVE-2010-0498", "CVE-2010-0506", "CVE-2009-2632", "CVE-2008-5302", "CVE-2009-0033", "CVE-2008-4456", "CVE-2010-0515", "CVE-2010-0500", "CVE-2009-1904", "CVE-2010-0537", "CVE-2009-4030", "CVE-2010-0522", "CVE-2008-5303", "CVE-2010-0520", "CVE-2010-0504", "CVE-2010-0514", "CVE-2009-2693", "CVE-2010-0519", "CVE-2009-2042", "CVE-2010-0510", "CVE-2010-0511", "CVE-2009-0580", "CVE-2010-0512", "CVE-2009-0781", "CVE-2009-4214", "CVE-2008-5515", "CVE-2003-0063", "CVE-2009-2801", "CVE-2010-0055", "CVE-2009-0688", "CVE-2010-0523", "CVE-2010-0497", "CVE-2010-0503", "CVE-2010-0056", "CVE-2010-0533", "CVE-2010-0501", "CVE-2009-0316", "CVE-2009-3009", "CVE-2010-0062", "CVE-2009-4142", "CVE-2010-0507", "CVE-2010-0508", "CVE-2009-0689", "CVE-2009-0037", "CVE-2010-0525", "CVE-2009-2901", "CVE-2008-4101", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0509", "CVE-2009-2422", "CVE-2009-3095", "CVE-2010-0058", "CVE-2010-0059", "CVE-2009-4017", "CVE-2010-0535", "CVE-2009-0783", "CVE-2009-4143", "CVE-2010-0043", "CVE-2010-0518", "CVE-2010-0526", "CVE-2010-0516", "CVE-2010-0513", "CVE-2009-3559", "CVE-2010-0502", "CVE-2008-7247", "CVE-2006-1329", "CVE-2009-2902", "CVE-2010-0057", "CVE-2008-2712", "CVE-2009-4019", "CVE-2010-0521", "CVE-2010-0393", "CVE-2010-0524", "CVE-2010-0064", "CVE-2010-0534", "CVE-2010-0042", "CVE-2009-3557"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310102039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102039", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_upd_10_6_3_secupd_2010-002.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002\n#\n# LSS-NVT-2010-028\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102039\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2010-0056\", \"CVE-2009-2801\", \"CVE-2010-0057\", \"CVE-2010-0533\", \"CVE-2009-3095\",\n \"CVE-2010-0058\", \"CVE-2010-0059\", \"CVE-2010-0060\", \"CVE-2010-0062\", \"CVE-2010-0063\",\n \"CVE-2010-0393\", \"CVE-2009-2417\", \"CVE-2009-0037\", \"CVE-2009-2632\", \"CVE-2009-0688\",\n \"CVE-2010-0064\", \"CVE-2010-0537\", \"CVE-2010-0065\", \"CVE-2010-0497\", \"CVE-2010-0498\",\n \"CVE-2010-0535\", \"CVE-2010-0500\", \"CVE-2010-0524\", \"CVE-2010-0501\", \"CVE-2006-1329\",\n \"CVE-2010-0502\", \"CVE-2010-0503\", \"CVE-2010-0504\", \"CVE-2010-0505\", \"CVE-2010-0041\",\n \"CVE-2010-0042\", \"CVE-2010-0043\", \"CVE-2010-0506\", \"CVE-2010-0507\", \"CVE-2009-0689\",\n \"CVE-2010-0508\", \"CVE-2010-0525\", \"CVE-2008-0564\", \"CVE-2008-4456\", \"CVE-2008-7247\",\n \"CVE-2009-2446\", \"CVE-2009-4019\", \"CVE-2009-4030\", \"CVE-2010-0509\", \"CVE-2010-0510\",\n \"CVE-2008-5302\", \"CVE-2008-5303\", \"CVE-2009-3557\", \"CVE-2009-3558\", \"CVE-2009-3559\",\n \"CVE-2009-4017\", \"CVE-2009-4142\", \"CVE-2009-4143\", \"CVE-2010-0511\", \"CVE-2010-0512\",\n \"CVE-2010-0513\", \"CVE-2010-0514\", \"CVE-2010-0515\", \"CVE-2010-0516\", \"CVE-2010-0517\",\n \"CVE-2010-0518\", \"CVE-2010-0519\", \"CVE-2010-0520\", \"CVE-2010-0526\", \"CVE-2009-2422\",\n \"CVE-2009-3009\", \"CVE-2009-4214\", \"CVE-2009-1904\", \"CVE-2010-0521\", \"CVE-2010-0522\",\n \"CVE-2009-2906\", \"CVE-2009-0580\", \"CVE-2009-0033\", \"CVE-2009-0783\", \"CVE-2008-5515\",\n \"CVE-2009-0781\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2009-2693\", \"CVE-2008-0888\",\n \"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2009-0316\", \"CVE-2010-0523\", \"CVE-2010-0534\",\n \"CVE-2009-2042\", \"CVE-2003-0063\", \"CVE-2010-0055\");\n script_name(\"Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[56]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4077\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n AppKit\n\n Application Firewall\n\n AFP Server\n\n Apache\n\n ClamAV\n\n CoreAudio\n\n CoreMedia\n\n CoreTypes\n\n CUPS\n\n curl\n\n Cyrus IMAP\n\n Cyrus SASL\n\n DesktopServices\n\n Disk Images\n\n Directory Services\n\n Dovecot\n\n Event Monitor\n\n FreeRADIUS\n\n FTP Server\n\n iChat Server\n\n ImageIO\n\n Image RAW\n\n Libsystem\n\n Mail\n\n Mailman\n\n MySQL\n\n OS Services\n\n Password Server\n\n perl\n\n PHP\n\n Podcast Producer\n\n Preferences\n\n PS Normalizer\n\n QuickTime\n\n Ruby\n\n Server Admin\n\n SMB\n\n Tomcat\n\n unzip\n\n vim\n\n Wiki Server\n\n X11\n\n xar\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[56]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\",\"Mac OS X 10.6.2\",\"Mac OS X Server 10.6.2\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.002\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.002\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.2\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.3\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.2\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.3\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-19T16:08:51", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX Third party component updates (VMSA-2011-0003.2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0307", "CVE-2010-3562", "CVE-2010-0740", "CVE-2010-2066", "CVE-2010-0089", "CVE-2010-0008", "CVE-2010-0886", "CVE-2010-3557", "CVE-2010-1641", "CVE-2008-0106", "CVE-2010-2248", "CVE-2010-0088", "CVE-2010-2226", "CVE-2010-0410", "CVE-2010-3551", "CVE-2010-0730", "CVE-2010-0085", "CVE-2008-3825", "CVE-2010-0007", "CVE-2008-0086", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-2521", "CVE-2010-0087", "CVE-2010-1437", "CVE-2010-3566", "CVE-2010-2939", "CVE-2010-3565", "CVE-2010-0092", "CVE-2010-1187", "CVE-2010-3572", "CVE-2009-2693", "CVE-2010-0848", "CVE-2010-0291", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-3574", "CVE-2010-0415", "CVE-2010-1157", "CVE-2010-1084", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-3541", "CVE-2010-0845", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-2240", "CVE-2010-0837", "CVE-2009-2901", "CVE-2010-3559", "CVE-2010-1321", "CVE-2010-3081", "CVE-2010-3556", "CVE-2010-0734", "CVE-2010-0849", "CVE-2008-0085", "CVE-2010-3561", "CVE-2008-5416", "CVE-2010-2227", "CVE-2010-0091", "CVE-2010-0622", "CVE-2010-3549", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-0090", "CVE-2010-3554", "CVE-2010-0433", "CVE-2010-1436", "CVE-2010-2928", "CVE-2010-1173", "CVE-2010-0437", "CVE-2010-3864", "CVE-2010-0093", "CVE-2009-4308", "CVE-2008-0107", "CVE-2010-1088", "CVE-2009-1384", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-0003", "CVE-2010-1087", "CVE-2009-2902", "CVE-2010-3548", "CVE-2010-0843", "CVE-2010-3568", "CVE-2010-0084", "CVE-2010-0850", "CVE-2010-3569", "CVE-2009-3548"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103454", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103454\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2009-3548\", \"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2010-2928\", \"CVE-2010-0734\", \"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2010-0008\", \"CVE-2010-0415\", \"CVE-2010-0437\", \"CVE-2009-4308\", \"CVE-2010-0003\", \"CVE-2010-0007\", \"CVE-2010-0307\", \"CVE-2010-1086\", \"CVE-2010-0410\", \"CVE-2010-0730\", \"CVE-2010-1085\", \"CVE-2010-0291\", \"CVE-2010-0622\", \"CVE-2010-1087\", \"CVE-2010-1173\", \"CVE-2010-1437\", \"CVE-2010-1088\", \"CVE-2010-1187\", \"CVE-2010-1436\", \"CVE-2010-1641\", \"CVE-2010-3081\", \"CVE-2010-2240\", \"CVE-2008-5416\", \"CVE-2008-0085\", \"CVE-2008-0086\", \"CVE-2008-0107\", \"CVE-2008-0106\", \"CVE-2010-0740\", \"CVE-2010-0433\", \"CVE-2010-3864\", \"CVE-2010-2939\", \"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\", \"CVE-2010-0850\", \"CVE-2010-0886\", \"CVE-2010-3556\", \"CVE-2010-3566\", \"CVE-2010-3567\", \"CVE-2010-3550\", \"CVE-2010-3561\", \"CVE-2010-3573\", \"CVE-2010-3565\", \"CVE-2010-3568\", \"CVE-2010-3569\", \"CVE-2010-1321\", \"CVE-2010-3548\", \"CVE-2010-3551\", \"CVE-2010-3562\", \"CVE-2010-3571\", \"CVE-2010-3554\", \"CVE-2010-3559\", \"CVE-2010-3572\", \"CVE-2010-3553\", \"CVE-2010-3549\", \"CVE-2010-3557\", \"CVE-2010-3541\", \"CVE-2010-3574\", \"CVE-2008-3825\", \"CVE-2009-1384\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX Third party component updates (VMSA-2011-0003.2)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 11:19:42 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2011-0003.html\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\");\n\n script_tag(name:\"affected\", value:\"ESXi 4.1 without patch ESXi410-201101201-SG\n\n ESXi 4.0 without patch ESXi400-201103401-SG\n\n ESX 4.1 without patch ESX410-201101201-SG\n\n ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG\");\n\n script_tag(name:\"insight\", value:\"a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\n b. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\n c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\n f. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\n g. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n h. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n i. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n j. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"vmware_esx.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201101201-SG\",\n \"4.0.0\", \"ESXi400-201103401-SG\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-10-30T10:48:18", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\n\nSummary\n\nUpdate 1 for vCenter Server 4.x, vCenter Update Manager 4.x, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1,\naddresses several security issues.\n\nRelevant releases\n\nvCenter Server 4.1 without Update 1,\nvCenter Server 4.0 without Update 3,\nvCenter Update Manager 4.1 without Update 1,\nvCenter Update Manager 4.0 without Update 3,\nESXi 4.1 without patch ESXi410-201101201-SG,\nESXi 4.0 without patch ESXi400-201103401-SG.\nESX 4.1 without patch ESX410-201101201-SG.\nESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG.\n \nProblem Description\n\na. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\nf. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\ng. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\nh. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\ni. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\nj. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0307", "CVE-2010-3562", "CVE-2010-0740", "CVE-2010-2066", "CVE-2010-0089", "CVE-2010-0008", "CVE-2010-0886", "CVE-2010-3557", "CVE-2010-1641", "CVE-2008-0106", "CVE-2010-2248", "CVE-2010-0088", "CVE-2010-2226", "CVE-2010-0410", "CVE-2010-3551", "CVE-2010-0730", "CVE-2010-0085", "CVE-2008-3825", "CVE-2010-0007", "CVE-2008-0086", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-2521", "CVE-2010-0087", "CVE-2010-1437", "CVE-2010-3566", "CVE-2010-2939", "CVE-2010-3565", "CVE-2010-0092", "CVE-2010-1187", "CVE-2010-3572", "CVE-2009-2693", "CVE-2010-0848", "CVE-2010-0291", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-3574", "CVE-2010-0415", "CVE-2010-1157", "CVE-2010-1084", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-3541", "CVE-2010-0845", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-2240", "CVE-2010-0837", "CVE-2009-2901", "CVE-2010-3559", "CVE-2010-1321", "CVE-2010-3081", "CVE-2010-3556", "CVE-2010-0734", "CVE-2010-0849", "CVE-2008-0085", "CVE-2010-3561", "CVE-2008-5416", "CVE-2010-2227", "CVE-2010-0091", "CVE-2010-0622", "CVE-2010-3549", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-0090", "CVE-2010-3554", "CVE-2010-0433", "CVE-2010-1436", "CVE-2010-2928", "CVE-2010-1173", "CVE-2010-0437", "CVE-2010-3864", "CVE-2010-0093", "CVE-2009-4308", "CVE-2008-0107", "CVE-2010-1088", "CVE-2009-1384", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-0003", "CVE-2010-1087", "CVE-2009-2902", "CVE-2010-3548", "CVE-2010-0843", "CVE-2010-3568", "CVE-2010-0084", "CVE-2010-0850", "CVE-2010-3569", "CVE-2009-3548"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:103454", "href": "http://plugins.openvas.org/nasl.php?oid=103454", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2011-0003.nasl 7583 2017-10-26 12:07:01Z cfischer $\n#\n# VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Apply the missing patch(es).\n\nSee Also:\nhttp://www.vmware.com/security/advisories/VMSA-2011-0003.html\";\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\n\nSummary\n\nUpdate 1 for vCenter Server 4.x, vCenter Update Manager 4.x, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1,\naddresses several security issues.\n\nRelevant releases\n\nvCenter Server 4.1 without Update 1,\nvCenter Server 4.0 without Update 3,\nvCenter Update Manager 4.1 without Update 1,\nvCenter Update Manager 4.0 without Update 3,\nESXi 4.1 without patch ESXi410-201101201-SG,\nESXi 4.0 without patch ESXi400-201103401-SG.\nESX 4.1 without patch ESX410-201101201-SG.\nESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG.\n \nProblem Description\n\na. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\nf. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\ng. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\nh. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\ni. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\nj. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\";\n\n\nif (description)\n{\n script_id(103454);\n script_cve_id(\"CVE-2009-2693\",\"CVE-2009-2901\",\"CVE-2009-2902\",\"CVE-2009-3548\",\"CVE-2010-2227\",\"CVE-2010-1157\",\"CVE-2010-2928\",\"CVE-2010-0734\",\"CVE-2010-1084\",\"CVE-2010-2066\",\"CVE-2010-2070\",\"CVE-2010-2226\",\"CVE-2010-2248\",\"CVE-2010-2521\",\"CVE-2010-2524\",\"CVE-2010-0008\",\"CVE-2010-0415\",\"CVE-2010-0437\",\"CVE-2009-4308\",\"CVE-2010-0003\",\"CVE-2010-0007\",\"CVE-2010-0307\",\"CVE-2010-1086\",\"CVE-2010-0410\",\"CVE-2010-0730\",\"CVE-2010-1085\",\"CVE-2010-0291\",\"CVE-2010-0622\",\"CVE-2010-1087\",\"CVE-2010-1173\",\"CVE-2010-1437\",\"CVE-2010-1088\",\"CVE-2010-1187\",\"CVE-2010-1436\",\"CVE-2010-1641\",\"CVE-2010-3081\",\"CVE-2010-2240\",\"CVE-2008-5416\",\"CVE-2008-0085\",\"CVE-2008-0086\",\"CVE-2008-0107\",\"CVE-2008-0106\",\"CVE-2010-0740\",\"CVE-2010-0433\",\"CVE-2010-3864\",\"CVE-2010-2939\",\"CVE-2009-3555\",\"CVE-2010-0082\",\"CVE-2010-0084\",\"CVE-2010-0085\",\"CVE-2010-0087\",\"CVE-2010-0088\",\"CVE-2010-0089\",\"CVE-2010-0090\",\"CVE-2010-0091\",\"CVE-2010-0092\",\"CVE-2010-0093\",\"CVE-2010-0094\",\"CVE-2010-0095\",\"CVE-2010-0837\",\"CVE-2010-0838\",\"CVE-2010-0839\",\"CVE-2010-0840\",\"CVE-2010-0841\",\"CVE-2010-0842\",\"CVE-2010-0843\",\"CVE-2010-0844\",\"CVE-2010-0845\",\"CVE-2010-0846\",\"CVE-2010-0847\",\"CVE-2010-0848\",\"CVE-2010-0849\",\"CVE-2010-0850\",\"CVE-2010-0886\",\"CVE-2010-3556\",\"CVE-2010-3566\",\"CVE-2010-3567\",\"CVE-2010-3550\",\"CVE-2010-3561\",\"CVE-2010-3573\",\"CVE-2010-3565\",\"CVE-2010-3568\",\"CVE-2010-3569\",\"CVE-2010-1321\",\"CVE-2010-3548\",\"CVE-2010-3551\",\"CVE-2010-3562\",\"CVE-2010-3571\",\"CVE-2010-3554\",\"CVE-2010-3559\",\"CVE-2010-3572\",\"CVE-2010-3553\",\"CVE-2010-3549\",\"CVE-2010-3557\",\"CVE-2010-3541\",\"CVE-2010-3574\",\"CVE-2008-3825\",\"CVE-2009-1384\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 7583 $\");\n script_name(\"VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 14:07:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 11:19:42 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\"); # Used in _esxi_patch_missing()\ninclude(\"vmware_esx.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\",\"ESXi410-201101201-SG\",\n \"4.0.0\",\"ESXi400-201103401-SG\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2022-01-04T13:22:09", "description": "It was discovered that Tomcat did not correctly validate WAR filenames or \npaths when deploying. A remote attacker could send a specially crafted WAR \nfile to be deployed and cause arbitrary files and directories to be \ncreated, overwritten, or deleted.\n", "cvss3": {}, "published": "2010-02-11T00:00:00", "type": "ubuntu", "title": "Tomcat vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2693"], "modified": "2010-02-11T00:00:00", "id": "USN-899-1", "href": "https://ubuntu.com/security/notices/USN-899-1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "tomcat": [{"lastseen": "2021-12-30T15:23:05", "description": "**Low: Arbitrary file deletion and/or alteration on deploy** [CVE-2009-2693](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693>)\n\nWhen deploying WAR files, the WAR files were not checked for directory traversal attempts. This allows an attacker to create arbitrary content outside of the web root by including entries such as `../../bin/catalina.sh` in the WAR.\n\nThis was fixed in [revision 902650](<https://svn.apache.org/viewvc?view=rev&rev=902650>).\n\nThis was first reported to the Tomcat security team on 30 Jul 2009 and made public on 1 Mar 2010.\n\nAffects: 5.5.0-5.5.28\n\n**Low: Insecure partial deploy after failed undeploy** [CVE-2009-2901](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901>)\n\nBy default, Tomcat automatically deploys any directories placed in a host's appBase. This behaviour is controlled by the autoDeploy attribute of a host which defaults to true. After a failed undeploy, the remaining files will be deployed as a result of the autodeployment process. Depending on circumstances, files normally protected by one or more security constraints may be deployed without those security constraints, making them accessible without authentication. This issue only affects Windows platforms\n\nThis was fixed in [revision 902650](<https://svn.apache.org/viewvc?view=rev&rev=902650>).\n\nThis was first reported to the Tomcat security team on 30 Jul 2009 and made public on 1 Mar 2010.\n\nAffects: 5.5.0-5.5.28 (Windows only)\n\n**Low: Unexpected file deletion in work directory** [CVE-2009-2902](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902>)\n\nWhen deploying WAR files, the WAR file names were not checked for directory traversal attempts. For example, deploying and undeploying `...war` allows an attacker to cause the deletion of the current contents of the host's work directory which may cause problems for currently running applications.\n\nThis was fixed in [revision 902650](<https://svn.apache.org/viewvc?view=rev&rev=902650>).\n\nThis was first reported to the Tomcat security team on 30 Jul 2009 and made public on 1 Mar 2010.\n\nAffects: 5.5.0-5.5.28\n\n**Low: Insecure default password** [CVE-2009-3548](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548>)\n\nThe Windows installer defaults to a blank password for the administrative user. If this is not changed during the install process, then by default a user is created with the name admin, roles admin and manager and a blank password.\n\nAffects: 5.5.0-5.5.28\n\nThis was first reported to the Tomcat security team on 26 Oct 2009 and made public on 9 Nov 2009.\n\nThis was fixed in [revision 919006](<https://svn.apache.org/viewvc?view=rev&rev=919006>).", "cvss3": {}, "published": "2010-04-20T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 5.5.29", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548"], "modified": "2010-04-20T00:00:00", "id": "TOMCAT:0B64F54283D152613DC4C77D34E010AF", "href": "https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T15:23:03", "description": "**Note:** _These issues were fixed in Apache Tomcat 6.0.21 but the release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did not pass. Therefore, although users must download 6.0.24 to obtain a version that includes fixes for these issues, versions 6.0.21 onwards are not included in the list of affected versions._\n\n**Low: Arbitrary file deletion and/or alteration on deploy** [CVE-2009-2693](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693>)\n\nWhen deploying WAR files, the WAR files were not checked for directory traversal attempts. This allows an attacker to create arbitrary content outside of the web root by including entries such as `../../bin/catalina.sh` in the WAR.\n\nThis was fixed in [revision 892815](<https://svn.apache.org/viewvc?view=rev&rev=892815>).\n\nThis was first reported to the Tomcat security team on 30 Jul 2009 and made public on 1 Mar 2010.\n\nAffects: 6.0.0-6.0.20\n\n**Low: Insecure partial deploy after failed undeploy** [CVE-2009-2901](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901>)\n\nBy default, Tomcat automatically deploys any directories placed in a host's appBase. This behaviour is controlled by the autoDeploy attribute of a host which defaults to true. After a failed undeploy, the remaining files will be deployed as a result of the autodeployment process. Depending on circumstances, files normally protected by one or more security constraints may be deployed without those security constraints, making them accessible without authentication. This issue only affects Windows platforms.\n\nThis was fixed in [revision 892815](<https://svn.apache.org/viewvc?view=rev&rev=892815>).\n\nThis was first reported to the Tomcat security team on 30 Jul 2009 and made public on 1 Mar 2010.\n\nAffects: 6.0.0-6.0.20 (Windows only)\n\n**Low: Unexpected file deletion in work directory** [CVE-2009-2902](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902>)\n\nWhen deploying WAR files, the WAR file names were not checked for directory traversal attempts. For example, deploying and undeploying `...war` allows an attacker to cause the deletion of the current contents of the host's work directory which may cause problems for currently running applications.\n\nThis was fixed in [revision 892815](<https://svn.apache.org/viewvc?view=rev&rev=892815>).\n\nThis was first reported to the Tomcat security team on 30 Jul 2009 and made public on 1 Mar 2010.\n\nAffects: 6.0.0-6.0.20\n\n**Low: Insecure default password** [CVE-2009-3548](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548>)\n\nThe Windows installer defaults to a blank password for the administrative user. If this is not changed during the install process, then by default a user is created with the name admin, roles admin and manager and a blank password.\n\nThis was fixed in [revision 881771](<https://svn.apache.org/viewvc?view=rev&rev=881771>).\n\nThis was first reported to the Tomcat security team on 26 Oct 2009 and made public on 9 Nov 2009.\n\nAffects: 6.0.0-6.0.20", "cvss3": {}, "published": "2010-01-21T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 6.0.24", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548"], "modified": "2010-01-21T00:00:00", "id": "TOMCAT:C3A9DD4DC4BB2C17C62CA8202CF2A834", "href": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:14:42", "description": "Files deletion, weak permissions after re-installation.", "edition": 2, "cvss3": {}, "published": "2010-01-26T00:00:00", "title": "Apache Tomcat multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-2901", "CVE-2009-2902"], "modified": "2010-01-26T00:00:00", "id": "SECURITYVULNS:VULN:10550", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10550", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:33", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration\r\n\r\nSeverity: Low\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nTomcat 5.5.0 to 5.5.28\r\nTomcat 6.0.0 to 6.0.20\r\nThe unsupported Tomcat 3.x, 4.x and 5.0.x versions may be also\r\naffected.\r\n\r\nDescription:\r\nWhen deploying WAR files, the WAR files were not checked for directory\r\ntraversal attempts. This allows an attacker to create arbitrary content\r\noutside of the web root.\r\n\r\nMitigation:\r\n6.0.x users should upgrade to 6.0.24 or apply this patch:\r\nhttp://svn.apache.org/viewvc?rev=892815&amp;view=rev\r\n5.5.x users should upgrade to 5.5.29 when released or apply this patch:\r\nhttp://svn.apache.org/viewvc?rev=902650&amp;view=rev\r\nNote: the patches also address CVE-2009-2901 and CVE-2009-2902.\r\nAlternatively, users of all Tomcat versions may mitigate this issue by\r\nmanually validating the contents of untrusted WAR files before deployment.\r\n\r\nExample:\r\nA WAR file that contains the following entry will overwrite the standard\r\nWindows start-up script when deployed on a default Tomcat installation:\r\n../../bin/catalina.bat\r\n\r\nCredit:\r\nThis issue was reported to the Apache Tomcat security team by Marc\r\nSchoenefeld of the Red Hat Security Response Team\r\n\r\nReferences:\r\n[1] http://tomcat.apache.org/security.html\r\n\r\nMark Thomas\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;Darwin&#41;\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJLXMF6AAoJEBDAHFovYFnniGcP/j9ZyFlLdzcTxJLqqWyAOdUt\r\nJ1jF8vZTIqkf/vFyrRxLgw9ihaKZQ1wpd9U3vdHulcIsuAeBtiZgIhlXKItJiTLf\r\nImsEl5a3w3Ucp2Z71/IIRxmcffz/zIjgdzmhmnRDEhiHz/wiygpRr7X1M8ZgZVXe\r\nitxFDhZu7ccWDTwUkxOoFuG6CWxb6/red3l5CaL4OtcWBTZ1aqQ5M1Io62pWErLI\r\n6F/xuGTvWn4AeXaNEgJOGFZLLyX06WQJSzaJXh/tPqI153mk5Or63m03uJy9wHqa\r\np7ULRvRNSZ57m8L08e397uCjvu4CPGf1Rm0dDDART7UaLF1Q13gP9O6DPCS88wN+\r\nypgZTERSG9t0iMHZCKNjH1huRJDVPkEJwvGdtH0wGzFwg5S+oJ/J5ETW29dQ/JUR\r\npt1U1Xz6RnzFFgQR4Xomdc4SPysDFOIAexi8dkZPDcafN7YyiMQTRyU3iNRuoaR1\r\nY32qWfqJrmVDWQ1J4BLYsrLrpgZ0s5ccq6omz36lbH+3blyVPf1th84lWg9GG6lo\r\nW3qsnJIpNfxLi9II9sDxbVpUJXLVbJmBexUDR3z9BayowNtBlwMWXEZluctGe2DO\r\nhIkNB0D33AJvMD7wY80tnXY/hH3X5Vs+ZePEmu7TQB1KXzTinEbVdNVPF8/8woaL\r\n7iN004jxhnUxQc8Fgwj4\r\n=/B5h\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2010-01-26T00:00:00", "title": "[SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548"], "modified": "2010-01-26T00:00:00", "id": "SECURITYVULNS:DOC:23112", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23112", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02181353\r\nVersion: 1\r\n\r\nHPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2010-05-17\r\nLast Updated: 2010-05-17\r\n\r\nPotential Security Impact: Remote unauthorized access, cross site scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Performance Manager. The vulnerabilities could be exploited remotely to allow unauthorized access, cross\r\nsite scripting &#40;XSS&#41;, and Denial of Service &#40;DoS&#41;.\r\n\r\nReferences: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Performance Manager v8.10, v8.20, v8.21 running on HP-UX, Linux, Solaris, and Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2008-5515 &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41; 5.0\r\nCVE-2009-0033 &#40;AV:N/AC:L/Au:N/C:N/I:N/A:P&#41; 5.0\r\nCVE-2009-0580 &#40;AV:N/AC:M/Au:N/C:P/I:N/A:N&#41; 4.3\r\nCVE-2009-0781 &#40;AV:N/AC:M/Au:N/C:N/I:P/A:N&#41; 4.3\r\nCVE-2009-0783 &#40;AV:L/AC:L/Au:N/C:P/I:P/A:N&#41; 3.6\r\nCVE-2009-2693 &#40;AV:N/AC:M/Au:N/C:N/I:P/A:P&#41; 5.8\r\nCVE-2009-2901 &#40;AV:N/AC:M/Au:N/C:P/I:N/A:N&#41; 4.3\r\nCVE-2009-2902 &#40;AV:N/AC:M/Au:N/C:N/I:P/A:N&#41; 4.3\r\nCVE-2009-3548 &#40;AV:N/AC:L/Au:N/C:P/I:P/A:P&#41; 7.5\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made patches available to resolve the vulnerabilities.\r\n\r\nThe patches are available from http://support.openview.hp.com/selfsolve/patches\r\n\r\nHP Performance Manager v8.10, v8.20, v8.21\r\n\r\nOperating System\r\n Required Patch\r\n\r\nHP-UX &#40;IA&#41;\r\n HPPM8CPI_00001\r\n\r\nHP-UX &#40;PA&#41;\r\n HPPM8CPP_00001\r\n\r\nLinux\r\n HPPM8CPL_00001\r\n\r\nSolaris\r\n HPPM8CPS_00001\r\n\r\nWindows\r\n HPPM8CPW_00001\r\n\r\nMANUAL ACTIONS: No\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP\r\nand lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see\r\nhttps://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS &#40;for HP-UX&#41;\r\n\r\nFor HP Performance Manager v8.20\r\nHP-UX B.11.31 &#40;IA&#41;\r\nHP-UX B.11.23 &#40;IA&#41;\r\n=============\r\nHPOvLcore.HPOVXPL\r\nHPOvLcore.HPOVSECCO\r\nHPOvLcore.HPOVBBC\r\nHPOvJext.HPOVJXPL\r\nHPOvJext.HPOVJSEC\r\nHPOvJext.HPOVJBBC\r\nHPOvLcore.HPOVCTRL\r\nHPOvAcc.HPOVJREB\r\nHPOvAcc.HPOVTOMCATB\r\nHPOvPerf.HPOVJPACC\r\naction: install HPPM8CPI_00001 or subsequent\r\n\r\nFor HP Performance Manager v8.10\r\nHP-UX B.11.31.&#40;PA&#41;\r\nHP-UX B.11.23 &#40;PA&#41;\r\nHP-UX B.11.11\r\n=============\r\nHPOvLcore.HPOVXPL\r\nHPOvLcore.HPOVSECCO\r\nHPOvLcore.HPOVBBC\r\nHPOvJext.HPOVJXPL\r\nHPOvJext.HPOVJSEC\r\nHPOvJext.HPOVJBBC\r\nHPOvLcore.HPOVCTRL\r\nHPOvAcc.HPOVJREB\r\nHPOvAcc.HPOVTOMCATB\r\nHPOvPerf.HPOVJPACC\r\naction: install HPPM8CPP_00001 or subsequent\r\n\r\nEND AFFECTED VERSIONS &#40;for HP-UX&#41;\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 17 May 2010 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the\r\ncustomer&#39;s patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&amp;langcode=USENG&amp;jumpid=in_SC-GEN__driverITRC&amp;topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber&#39;s choice for Business: sign-in.\r\nOn the web page: Subscriber&#39;s Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing &amp; Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of\r\nsoftware products to provide customers with current secure solutions.\r\n\r\n&quot;HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained\r\nin this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not\r\nwarrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from\r\nuser&#39;s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including\r\nthe warranties of merchantability and fitness for a particular purpose, title and non-infringement.&quot;\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided &quot;as is&quot; without\r\nwarranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential\r\ndamages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software\r\nrestoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein\r\nare trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their\r\nrespective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAkvxl94ACgkQ4B86/C0qfVkpIgCg2HZGPBdFrcWqb3R/rhxtIIXx\r\n2tsAn09dClLcnBbqIQ0k/0CEyVKebrYn\r\n=aN30\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2010-05-20T00:00:00", "title": "[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2009-2901", "CVE-2009-0783", "CVE-2009-2902", "CVE-2009-3548"], "modified": "2010-05-20T00:00:00", "id": "SECURITYVULNS:DOC:23892", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23892", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:58:45", "description": "Unauthorized access, crossite scripting, DoS.", "edition": 2, "cvss3": {}, "published": "2010-05-20T00:00:00", "title": "HP Performance Manager multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2009-2901", "CVE-2009-0783", "CVE-2009-2902", "CVE-2009-3548"], "modified": "2010-05-20T00:00:00", "id": "SECURITYVULNS:VULN:10852", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10852", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "metasploit": [{"lastseen": "2021-07-18T06:35:55", "description": "\n", "edition": 2, "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2010:0119: JBoss Enterprise Web Server 1.0.1 update", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2009-3555"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2010-0119/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:39:32", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host's work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0582) Important: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2019-03-22T19:44:08", "id": "RHSA-2010:0582", "href": "https://access.redhat.com/errata/RHSA-2010:0582", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-21T04:44:56", "description": "JBoss Enterprise Web Server is a fully integrated and certified set\nof components for hosting Java web applications. It is comprised of the\nindustry's leading web server (Apache HTTP Server), the popular Apache\nTomcat servlet container, as well as the mod_jk connector and the Tomcat\nNative library.\n\nThis 1.0.1 release of JBoss Enterprise Web Server serves as a replacement\nto JBoss Enterprise Web Server 1.0.0 GA. These updated packages include\na number of bug fixes. For detailed component, installation, and bug fix\ninformation, refer to the JBoss Enterprise Web Server 1.0.1 Release Notes,\navailable shortly from the link in the References section of this erratum.\n\nThe following security issues are also fixed with this release:\n\nA directory traversal flaw was found in the Tomcat deployment process. An\nattacker could create a specially-crafted WAR file, which once deployed\nby a local, unsuspecting user, would lead to attacker-controlled content\nbeing deployed outside of the web root, into directories accessible to the\nTomcat process. (CVE-2009-2693)\n\nA second directory traversal flaw was found in the Tomcat deployment\nprocess. WAR file names were not sanitized, which could allow an attacker\nto create a specially-crafted WAR file that could delete files in the\nTomcat host's work directory. (CVE-2009-2902)\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. (CVE-2009-3555)\n\nThis update provides a mitigation for this flaw in the following\ncomponents:\n\ntomcat5 and tomcat6: A new attribute, allowUnsafeLegacyRenegotiation, is\navailable for the blocking IO (BIO) connector using JSSE, to enable or\ndisable TLS session renegotiation. The default value is \"false\", meaning\nsession renegotiation, both client- and server-initiated, is disabled by\ndefault.\n\ntomcat-native: Client-initiated renegotiation is now rejected by the native\nconnector. Server-initiated renegotiation is still allowed.\n\nRefer to the following Knowledgebase article for additional details about\nthe CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll users of JBoss Enterprise Web Server 1.0.0 on Red Hat Enterprise Linux\n4 and 5 are advised to upgrade to these updated packages.", "cvss3": {}, "published": "2010-02-23T00:00:00", "type": "redhat", "title": "(RHSA-2010:0119) Low: JBoss Enterprise Web Server 1.0.1 update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2009-3555", "CVE-2010-2086"], "modified": "2016-04-04T14:31:41", "id": "RHSA-2010:0119", "href": "https://access.redhat.com/errata/RHSA-2010:0119", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-21T04:42:09", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\nstated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\nin the examples calendar application. With some web browsers, remote\nattackers could use this flaw to inject arbitrary web script or HTML via\nthe \"time\" parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host's work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0580) Important: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2017-09-08T07:58:31", "id": "RHSA-2010:0580", "href": "https://access.redhat.com/errata/RHSA-2010:0580", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:16", "description": "[0:5.5.23-0jpp.9]\n- Resolves: rhbz#619424 fixed servlet-api typo. serve4-api to servlet-api\n- RHSA-2010:9748\n[0:5.5.23-0jpp.8]\n- Patches backported from RHEL-5 tomcat5-5.5.23-0jpp.10.el5\n- Updated init script for LSB compliance, catalina.log permissions\n- Resolves: CVE-2009-2693, CVE-2009-2902, CVE-2010-2227\n- CVE_2010-0781 ", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "oraclelinux", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2010-08-02T00:00:00", "id": "ELSA-2010-0580", "href": "http://linux.oracle.com/errata/ELSA-2010-0580.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:57:57", "description": "**CentOS Errata and Security Advisory** CESA-2010:0580\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\nstated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\nin the examples calendar application. With some web browsers, remote\nattackers could use this flaw to inject arbitrary web script or HTML via\nthe \"time\" parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host's work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2010-August/053777.html\nhttps://lists.centos.org/pipermail/centos-announce/2010-August/053778.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2010:0580", "cvss3": {}, "published": "2010-08-03T00:39:04", "type": "centos", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2010-08-03T00:39:04", "id": "CESA-2010:0580", "href": "https://lists.centos.org/pipermail/centos-announce/2010-August/053777.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:59:00", "description": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20 allows remote attackers to delete work-directory files\nvia directory traversal sequences in a WAR filename, as demonstrated by the\n...war filename.", "cvss3": {}, "published": "2010-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2009-2902", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2902"], "modified": "2010-01-28T00:00:00", "id": "UB:CVE-2009-2902", "href": "https://ubuntu.com/security/CVE-2009-2902", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:59:00", "description": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20 allows remote attackers to create or overwrite\narbitrary files via a .. (dot dot) in an entry in a WAR file, as\ndemonstrated by a ../../bin/catalina.bat entry.", "cvss3": {}, "published": "2010-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2009-2693", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693"], "modified": "2010-01-28T00:00:00", "id": "UB:CVE-2009-2693", "href": "https://ubuntu.com/security/CVE-2009-2693", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-11-22T21:59:00", "description": "The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0\nthrough 6.0.20, when autoDeploy is enabled, deploys appBase files that\nremain from a failed undeploy, which might allow remote attackers to bypass\nintended authentication requirements via HTTP requests.", "cvss3": {}, "published": "2010-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2009-2901", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2901"], "modified": "2010-01-28T00:00:00", "id": "UB:CVE-2009-2901", "href": "https://ubuntu.com/security/CVE-2009-2901", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T21:32:33", "description": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.", "cvss3": {}, "published": "2010-01-28T20:30:00", "type": "cve", "title": "CVE-2009-2902", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2902"], "modified": "2019-03-25T11:31:00", "cpe": ["cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:6.0.5"], "id": "CVE-2009-2902", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2902", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:31:37", "description": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.", "cvss3": {}, "published": "2010-01-28T20:30:00", "type": "cve", "title": "CVE-2009-2693", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693"], "modified": "2019-03-25T11:30:00", "cpe": ["cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:6.0.5"], "id": "CVE-2009-2693", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2693", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:32:33", "description": "The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.", "cvss3": {}, "published": "2010-01-28T20:30:00", "type": "cve", "title": "CVE-2009-2901", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2901"], "modified": "2019-03-25T11:30:00", "cpe": ["cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:6.0.5"], "id": "CVE-2009-2901", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2901", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2021-10-22T00:24:43", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2207-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 30, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat5.5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227\n\nVarious vulnerabilities have been discovered in the Tomcat Servlet and \nJSP engine, resulting in denial of service, cross-site scripting, \ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found at \nhttp://tomcat.apache.org/security-5.html.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nWe recommend that you upgrade your tomcat5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 4.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2011-03-29T22:35:34", "type": "debian", "title": "[SECURITY] [DSA 2207-1] tomcat5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2011-03-29T22:35:34", "id": "DEBIAN:DSA-2207-1:6DF41", "href": "https://lists.debian.org/debian-security-announce/2011/msg00075.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:12:44", "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server\u2019s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.35\"\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.23\"", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 4.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2012-06-24T00:00:00", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2016-03-20T00:00:00", "id": "GLSA-201206-24", "href": "https://security.gentoo.org/glsa/201206-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T23:08:12", "description": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities\n\nApple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping with fixes for 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 is now available and\n\naddresses the following:\n\nAppKit\n\nCVE-ID: CVE-2010-0056\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Spell checking a maliciously crafted document may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the spell checking feature\n\nused by Cocoa applications. Spell checking a maliciously crafted\n\ndocument may lead to an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nApplication Firewall\n\nCVE-ID: CVE-2009-2801\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Certain rules in the Application Firewall may become\n\ninactive after restart\n\nDescription: A timing issue in the Application Firewall may cause\n\ncertain rules to become inactive after reboot. The issue is addressed\n\nthrough improved handling of Firewall rules. This issue does not\n\naffect Mac OS X v10.6 systems. Credit to Michael Kisor of\n\nOrganicOrb.com for reporting this issue.\n\nAFP Server\n\nCVE-ID: CVE-2010-0057\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: When guest access is disabled, a remote user may be able to\n\nmount AFP shares as a guest\n\nDescription: An access control issue in AFP Server may allow a\n\nremote user to mount AFP shares as a guest, even if guest access is\n\ndisabled. This issue is addressed through improved access control\n\nchecks. Credit: Apple.\n\nAFP Server\n\nCVE-ID: CVE-2010-0533\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote user with guest access to an AFP share may access\n\nthe contents of world-readable files outside the Public share\n\nDescription: A directory traversal issue exists in the path\n\nvalidation for AFP shares. A remote user may enumerate the parent\n\ndirectory of the share root, and read or write files within that\n\ndirectory that are accessible to the \u2018nobody\u2019 user. This issue is\n\naddressed through improved handling of file paths. Credit to Patrik\n\nKarlsson of cqure.net for reporting this issue.\n\nApache\n\nCVE-ID: CVE-2009-3095\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to bypass access control\n\nrestrictions\n\nDescription: An input validation issue exists in Apache\u2019s handling\n\nof proxied FTP requests. A remote attacker with the ability to issue\n\nrequests through the proxy may be able to bypass access control\n\nrestrictions specified in the Apache configuration. This issue is\n\naddressed by updating Apache to version 2.2.14.\n\nClamAV\n\nCVE-ID: CVE-2010-0058\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: ClamAV virus definitions may not receive updates\n\nDescription: A configuration issue introduced in Security Update\n\n2009-005 prevents freshclam from running. This may prevent virus\n\ndefinitions from being updated. This issue is addressed by updating\n\nfreshclam\u2019s launchd plist ProgramArguments key values. This issue\n\ndoes not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil\n\nShipley of Delicious Monster, and David Ferrero of Zion Software, LLC\n\nfor reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0059\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDM2 encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0060\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDMC encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreMedia\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in CoreMedia\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nCoreTypes\n\nCVE-ID: CVE-2010-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Users are not warned before opening certain potentially\n\nunsafe content types\n\nDescription: This update adds .ibplugin and .url to the system\u2019s\n\nlist of content types that will be flagged as potentially unsafe\n\nunder certain circumstances, such as when they are downloaded from a\n\nweb page. While these content types are not automatically launched,\n\nif manually opened they could lead to the execution of a malicious\n\nJavaScript payload or arbitrary code execution. This update improves\n\nthe system\u2019s ability to notify users before handling content types\n\nused by Safari. Credit to Clint Ruoho of Laconic Security for\n\nreporting this issue.\n\nCUPS\n\nCVE-ID: CVE-2010-0393\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain system privileges\n\nDescription: A format string issue exists in the lppasswd CUPS\n\nutility. This may allow a local user to obtain system privileges. Mac\n\nOS X v10.6 systems are only affected if the setuid bit has been set\n\non the binary. This issue is addressed by using default directories\n\nwhen running as a setuid process. Credit to Ronald Volgers for\n\nreporting this issue.\n\ncurl\n\nCVE-ID: CVE-2009-2417\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A man-in-the-middle attacker may be able to impersonate a\n\ntrusted server\n\nDescription: A canonicalization issue exists in curl\u2019s handling of\n\nNULL characters in the subject\u2019s Common Name (CN) field of X.509\n\ncertificates. This may lead to man-in-the-middle attacks against\n\nusers of the curl command line tool, or applications using libcurl.\n\nThis issue is addressed through improved handling of NULL characters.\n\ncurl\n\nCVE-ID: CVE-2009-0037\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Using curl with -L may allow a remote attacker to read or\n\nwrite local files\n\nDescription: curl will follow HTTP and HTTPS redirects when used\n\nwith the -L option. When curl follows a redirect, it allows file://\n\nURLs. This may allow a remote attacker to access local files. This\n\nissue is addressed through improved validation of redirects. This\n\nissue does not affect Mac OS X v10.6 systems. Credit to Daniel\n\nStenberg of Haxx AB for reporting this issue.\n\nCyrus IMAP\n\nCVE-ID: CVE-2009-2632\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A local user may be able to obtain the privileges of the\n\nCyrus user\n\nDescription: A buffer overflow exists in the handling of sieve\n\nscripts. By running a maliciously crafted sieve script, a local user\n\nmay be able to obtain the privileges of the Cyrus user. This issue is\n\naddressed through improved bounds checking. This issue does not\n\naffect Mac OS X v10.6 systems.\n\nCyrus SASL\n\nCVE-ID: CVE-2009-0688\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: An unauthenticated remote attacker may cause unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the Cyrus SASL\n\nauthentication module. Using Cyrus SASL authentication may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0064\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Items copied in the Finder may be assigned an unexpected\n\nfile owner\n\nDescription: When performing an authenticated copy in the Finder,\n\noriginal file ownership may be unexpectedly copied. This update\n\naddresses the issue by ensuring that copied files are owned by the\n\nuser performing the copy. This issue does not affect systems prior to\n\nMac OS X v10.6. Credit to Gerrit DeWitt of Auburn University (Auburn,\n\nAL) for reporting this issue.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0537\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may gain access to user data via a multi-\n\nstage attack\n\nDescription: A path resolution issue in DesktopServices is\n\nvulnerable to a multi-stage attack. A remote attacker must first\n\nentice the user to mount an arbitrarily named share, which may be\n\ndone via a URL scheme. When saving a file using the default save\n\npanel in any application, and using \u201cGo to folder\u201d or dragging\n\nfolders to the save panel, the data may be unexpectedly saved to the\n\nmalicious share. This issue is addressed through improved path\n\nresolution. This issue does not affect systems prior to Mac OS X\n\nv10.6. Credit to Sidney San Martin working with DeepTech, Inc. for\n\nreporting this issue.\n\nDisk Images\n\nCVE-ID: CVE-2010-0065\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nbzip2 compressed disk images. Mounting a maliciously crafted disk\n\nimage may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed through improved bounds\n\nchecking. Credit: Apple.\n\nDisk Images\n\nCVE-ID: CVE-2010-0497\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to\n\narbitrary code execution\n\nDescription: A design issue exists in the handling of internet\n\nenabled disk images. Mounting an internet enabled disk image\n\ncontaining a package file type will open it rather than revealing it\n\nin the Finder. This file quarantine feature helps to mitigate this\n\nissue by providing a warning dialog for unsafe file types. This issue\n\nis addressed through improved handling of package file types on\n\ninternet enabled disk images. Credit to Brian Mastenbrook working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nDirectory Services\n\nCVE-ID: CVE-2010-0498\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may obtain system privileges\n\nDescription: An authorization issue in Directory Services\u2019 handling\n\nof record names may allow a local user to obtain system privileges.\n\nThis issue is addressed through improved authorization checks.\n\nCredit: Apple.\n\nDovecot\n\nCVE-ID: CVE-2010-0535\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to send and receive mail\n\neven if the user is not on the SACL of users who are permitted to do\n\nso\n\nDescription: An access control issue exists in Dovecot when Kerberos\n\nauthentication is enabled. This may allow an authenticated user to\n\nsend and receive mail even if the user is not on the service access\n\ncontrol list (SACL) of users who are permitted to do so. This issue\n\nis addressed through improved access control checks. This issue does\n\nnot affect systems prior to Mac OS X v10.6.\n\nEvent Monitor\n\nCVE-ID: CVE-2010-0500\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may cause arbitrary systems to be added to\n\nthe firewall blacklist\n\nDescription: A reverse DNS lookup is performed on remote ssh clients\n\nthat fail to authenticate. A plist injection issue exists in the\n\nhandling of resolved DNS names. This may allow a remote attacker to\n\ncause arbitrary systems to be added to the firewall blacklist. This\n\nissue is addressed by properly escaping resolved DNS names. Credit:\n\nApple.\n\nFreeRADIUS\n\nCVE-ID: CVE-2010-0524\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may obtain access to a network via RADIUS\n\nauthentication\n\nDescription: A certificate authentication issue exists in the\n\ndefault Mac OS X configuration of the FreeRADIUS server. A remote\n\nattacker may use EAP-TLS with an arbitrary valid certificate to\n\nauthenticate and connect to a network configured to use FreeRADIUS\n\nfor authentication. This issue is addressed by disabling support for\n\nEAP-TLS in the configuration. RADIUS clients should use EAP-TTLS\n\ninstead. This issue only affects Mac OS X Server systems. Credit to\n\nChris Linstruth of Qnet for reporting this issue.\n\nFTP Server\n\nCVE-ID: CVE-2010-0501\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Users may be able to retrieve files outside the FTP root\n\ndirectory\n\nDescription: A directory traversal issue exists in FTP Server. This\n\nmay allow a user to retrieve files outside the FTP root directory.\n\nThis issue is addressed through improved handling of file names. This\n\nissue only affects Mac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2006-1329\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An implementation issue exists in jabberd\u2019s handling of\n\nSASL negotiation. A remote attacker may be able to terminate the\n\noperation of jabberd. This issue is addressed through improved\n\nhandling of SASL negotiation. This issue only affects Mac OS X Server\n\nsystems.\n\niChat Server\n\nCVE-ID: CVE-2010-0502\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Chat messages may not be logged\n\nDescription: A design issue exists in iChat Server\u2019s support for\n\nconfigurable group chat logging. iChat Server only logs messages with\n\ncertain message types. This may allow a remote user to send a message\n\nthrough the server without it being logged. The issue is addressed by\n\nremoving the capability to disable group chat logs, and logging all\n\nmessages that are sent through the server. This issue only affects\n\nMac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2010-0503\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A use-after-free issue exists in iChat Server. An\n\nauthenticated user may be able to cause an unexpected application\n\ntermination or arbitrary code execution. This issue is addressed\n\nthrough improved memory reference tracking. This issue only affects\n\nMac OS X Server systems, and does not affect versions 10.6 or later.\n\niChat Server\n\nCVE-ID: CVE-2010-0504\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: Multiple stack buffer overflow issues exist in iChat\n\nServer. An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution. These issues are\n\naddressed through improved memory management. These issues only\n\naffect Mac OS X Server systems. Credit: Apple.\n\nImageIO\n\nCVE-ID: CVE-2010-0505\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of JP2\n\nimages. Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Service, and researcher\n\n\u201c85319bb6e6ab398b334509c50afce5259d42756e\u201d working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0041\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of BMP images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of BMP images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of TIFF images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of TIFF images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0043\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Processing a maliciously crafted TIFF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nTIFF images. Processing a maliciously crafted TIFF image may lead to\n\nan unexpected application termination or arbitrary code execution.\n\nThis issue is addressed through improved memory handling. This issue\n\ndoes not affect systems prior to Mac OS X v10.6. Credit to Gus\n\nMueller of Flying Meat for reporting this issue.\n\nImage RAW\n\nCVE-ID: CVE-2010-0506\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of NEF\n\nimages. Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems. Credit: Apple.\n\nImage RAW\n\nCVE-ID: CVE-2010-0507\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of PEF\n\nimages. Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Services for reporting\n\nthis issue.\n\nLibsystem\n\nCVE-ID: CVE-2009-0689\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Applications that convert untrusted data between binary\n\nfloating point and text may be vulnerable to an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the floating point binary\n\nto text conversion code within Libsystem. An attacker who can cause\n\nan application to convert a floating point value into a long string,\n\nor to parse a maliciously crafted string as a floating point value,\n\nmay be able to cause an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. Credit to Maksymilian Arciemowicz of\n\nSecurityReason.com for reporting this issue.\n\nMail\n\nCVE-ID: CVE-2010-0508\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Rules associated with a deleted mail account remain in\n\neffect\n\nDescription: When a mail account is deleted, user-defined filter\n\nrules associated with that account remain active. This may result in\n\nunexpected actions. This issue is addressed by disabling associated\n\nrules when a mail account is deleted.\n\nMail\n\nCVE-ID: CVE-2010-0525\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mail may use a weaker encryption key for outgoing email\n\nDescription: A logic issue exists in Mail\u2019s handling of encryption\n\ncertificates. When multiple certificates for the recipient exist in\n\nthe keychain, Mail may select an encryption key that is not intended\n\nfor encipherment. This may lead to a security issue if the chosen key\n\nis weaker than expected. This issue is addressed by ensuring that the\n\nkey usage extension within certificates is evaluated when selecting a\n\nmail encryption key. Credit to Paul Suh of ps Enable, Inc. for\n\nreporting this issue.\n\nMailman\n\nCVE-ID: CVE-2008-0564\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in Mailman 2.1.9\n\nDescription: Multiple cross-site scripting issues exist in Mailman\n\n2.1.9. These issues are addressed by updating Mailman to version\n\n2.1.13. Further information is available via the Mailman site at\n\nhttp://mail.python.org/pipermail/mailman-\n\nannounce/2009-January/000128.html These issues only affect Mac OS X\n\nServer systems, and do not affect versions 10.6 or later.\n\nMySQL\n\nCVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019,\n\nCVE-2009-4030\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in MySQL 5.0.82\n\nDescription: MySQL is updated to version 5.0.88 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. These issues only affect Mac OS X Server systems. Further\n\ninformation is available via the MySQL web site at\n\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html\n\nOS Services\n\nCVE-ID: CVE-2010-0509\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain elevated privileges\n\nDescription: A privilege escalation issue exists in SFLServer, as it\n\nruns as group \u2018wheel\u2019 and accesses files in users\u2019 home directories.\n\nThis issue is addressed through improved privilege management. Credit\n\nto Kevin Finisterre of DigitalMunition for reporting this issue.\n\nPassword Server\n\nCVE-ID: CVE-2010-0510\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to log in with an outdated\n\npassword\n\nDescription: An implementation issue in Password Server\u2019s handling\n\nof replication may cause passwords to not be replicated. A remote\n\nattacker may be able to log in to a system using an outdated\n\npassword. This issue is addressed through improved handling of\n\npassword replication. This issue only affects Mac OS X Server\n\nsystems. Credit to Jack Johnson of Anchorage School District for\n\nreporting this issue.\n\nperl\n\nCVE-ID: CVE-2008-5302, CVE-2008-5303\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A local user may cause arbitrary files to be deleted\n\nDescription: Multiple race condition issues exist in the rmtree\n\nfunction of the perl module File::Path. A local user with write\n\naccess to a directory that is being deleted may cause arbitrary files\n\nto be removed with the privileges of the perl process. This issue is\n\naddressed through improved handling of symbolic links. This issue\n\ndoes not affect Mac OS X v10.6 systems.\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in PHP 5.3.0\n\nDescription: PHP is updated to version 5.3.1 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitary code\n\nexecution. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142,\n\nCVE-2009-4143\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in PHP 5.2.11\n\nDescription: PHP is updated to version 5.2.12 to address multiple\n\nvulnerabilities, the most serious of which may lead to cross-site\n\nscripting. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPodcast Producer\n\nCVE-ID: CVE-2010-0511\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: An unauthorized user may be able to access a Podcast\n\nComposer workflow\n\nDescription: When a Podcast Composer workflow is overwritten, the\n\naccess restrictions are removed. This may allow an unauthorized user\n\nto access a Podcast Composer workflow. This issue is addressed\n\nthrough improved handling of workflow access restrictions. Podcast\n\nComposer was introduced in Mac OS X Server v10.6.\n\nPreferences\n\nCVE-ID: CVE-2010-0512\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A network user may be able to bypass system login\n\nrestrictions\n\nDescription: An implementation issue exists in the handling of\n\nsystem login restrictions for network accounts. If the network\n\naccounts allowed to log in to the system at the Login Window are\n\nidentified by group membership only, the restriction will not be\n\nenforced, and all network users will be allowed to log in to the\n\nsystem. The issue is addressed through improved group restriction\n\nmanagement in the Accounts preference pane. This issue only affects\n\nsystems configured to use a network account server, and does not\n\naffect systems prior to Mac OS X v10.6. Credit to Christopher D.\n\nGrieb of University of Michigan MSIS for reporting this issue.\n\nPS Normalizer\n\nCVE-ID: CVE-2010-0513\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PostScript file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A stack buffer overflow exists in the handling of\n\nPostScript files. Viewing a maliciously crafted PostScript file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of PostScript files. On Mac OS X v10.6 systems this issue\n\nis mitigated by the -fstack-protector compiler flag. Credit: Apple.\n\nQuickTime\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in QuickTime\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0514\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of H.261\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of H.261 encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0515\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption in the handling of H.264 encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of H.264\n\nencoded movie files.\n\nQuickTime\n\nCVE-ID: CVE-2010-0516\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow in the handling of RLE encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of RLE encoded\n\nmovie files. Credit to an anonymous researcher working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0517\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow in the handling of M-JPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of M-JPEG encoded movie files. Credit to Damian Put\n\nworking with TippingPoint\u2019s Zero Day Initiative for reporting this\n\nissue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0518\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nSorenson encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of Sorenson encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0519\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: An integer overflow exists in the handling of FlashPix\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0520\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of FLC\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of FLC encoded movie files. Credit to Moritz Jodeit of\n\nn.runs AG, working with TippingPoint\u2019s Zero Day Initiative, and\n\nNicols Joly of VUPEN Security for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0526\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted MPEG file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of MPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of MPEG encoded movie files. Credit to an anonymous\n\nresearcher working with TippingPoint\u2019s Zero Day Initiative for\n\nreporting this issue.\n\nRuby\n\nCVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple issues in Ruby on Rails\n\nDescription: Multiple vulnerabilities exist in Ruby on Rails, the\n\nmost serious of which may lead to cross-site scripting. On Mac OS X\n\nv10.6 systems, these issues are addressed by updating Ruby on Rails\n\nto version 2.3.5. Mac OS X v10.5 systems are affected only by\n\nCVE-2009-4214, and this issue is addressed through improved\n\nvalidation of arguments to strip_tags.\n\nRuby\n\nCVE-ID: CVE-2009-1904\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Running a Ruby script that uses untrusted input to\n\ninitialize a BigDecimal object may lead to an unexpected application\n\ntermination\n\nDescription: A stack exhaustion issue exists in Ruby\u2019s handling of\n\nBigDecimal objects with very large values. Running a Ruby script that\n\nuses untrusted input to initialize a BigDecimal object may lead to an\n\nunexpected application termination. For Mac OS X v10.6 systems, this\n\nissue is addressed by updating Ruby to version 1.8.7-p173. For Mac OS\n\nv10.5 systems, this issue is addressed by updating Ruby to version\n\n1.8.6-p369.\n\nServer Admin\n\nCVE-ID: CVE-2010-0521\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may extract information from Open\n\nDirectory\n\nDescription: A design issue exists in the handling of authenticated\n\ndirectory binding. A remote attacker may be able to anonymously\n\nextract information from Open Directory, even if the \u201cRequire\n\nauthenticated binding between directory and clients\u201d option is\n\nenabled. The issue is addressed by removing this configuration\n\noption. This issue only affects Mac OS X Server systems. Credit to\n\nScott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS\n\nComputervertriebsgesellschaft mbH for reporting this issue.\n\nServer Admin\n\nCVE-ID: CVE-2010-0522\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A former administrator may have unauthorized access to\n\nscreen sharing\n\nDescription: A user who is removed from the \u2018admin\u2019 group may still\n\nconnect to the server using screen sharing. This issue is addressed\n\nthrough improved handling of administrator privileges. This issue\n\nonly affects Mac OS X Server systems, and does not affect version\n\n10.6 or later. Credit: Apple.\n\nSMB\n\nCVE-ID: CVE-2009-2906\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An infinite loop issue exists in Samba\u2019s handling of\n\nSMB \u2018oplock\u2019 break notifications. A remote attacker may be able to\n\ntrigger an infinite loop in smbd, causing it to consume excessive CPU\n\nresources. The issue is addressed through improved handling of\n\n\u2018oplock\u2019 break notifications.\n\nTomcat\n\nCVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515,\n\nCVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in Tomcat 6.0.18\n\nDescription: Tomcat is updated to version 6.0.24 to address multiple\n\nvulnerabilities, the most serious of which may lead to a cross site\n\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\n\nFurther information is available via the Tomcat site at\n\nhttp://tomcat.apache.org/\n\nunzip\n\nCVE-ID: CVE-2008-0888\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Extracting maliciously crafted zip files using the unzip\n\ncommand tool may lead to an unexpected application termination or\n\ncode execution\n\nDescription: An uninitialized pointer issue exists is the handling\n\nof zip files. Extracting maliciously crafted zip files using the\n\nunzip command tool may lead to an unexpected application termination\n\nor arbitrary code execution. This issue is addressed by performing\n\nadditional validation of zip files. This issue does not affect Mac OS\n\nX v10.6 systems.\n\nvim\n\nCVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in vim 7.0\n\nDescription: Multiple vulnerabilities exist in vim 7.0, the most\n\nserious of which may lead to arbitrary code execution when working\n\nwith maliciously crafted files. These issues are addressed by\n\nupdating to vim 7.2.102. These issues do not affect Mac OS X v10.6\n\nsystems. Further information is available via the vim website at\n\nhttp://www.vim.org/\n\nWiki Server\n\nCVE-ID: CVE-2010-0523\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Uploading a maliciously crafted applet may lead to the\n\ndisclosure of sensitive information\n\nDescription: Wiki Server allows users to upload active content such\n\nas Java applets. A remote attacker may obtain sensitive information\n\nby uploading a maliciously crafted applet and directing a Wiki Server\n\nuser to view it. The issue is addressed by restricting the file types\n\nthat may be uploaded to the Wiki Server. This issue only affects Mac\n\nOS X Server systems, and does not affect versions 10.6 or later.\n\nWiki Server\n\nCVE-ID: CVE-2010-0534\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may bypass weblog creation\n\nrestrictions\n\nDescription: Wiki Server supports service access control lists\n\n(SACLs), allowing an administrator to control the publication of\n\ncontent. Wiki Server fails to consult the weblog SACL during the\n\ncreation of a user\u2019s weblog. This may allow an authenticated user to\n\npublish content to the Wiki Server, even though publication should be\n\ndisallowed by the service ACL. This issue does not affect systems\n\nprior to Mac OS X v10.6.\n\nX11\n\nCVE-ID: CVE-2009-2042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted image may lead to the\n\ndisclosure of sensitive information\n\nDescription: libpng is updated to version 1.2.37 to address an issue\n\nthat may result in the disclosure of sensitive information. Further\n\ninformation is available via the libpng site at\n\nhttp://www.libpng.org/pub/png/libpng.html\n\nX11\n\nCVE-ID: CVE-2003-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Displaying maliciously crafted data within an xterm terminal\n\nmay lead to arbitrary code execution\n\nDescription: The xterm program supports a command sequence to change\n\nthe window title, and to print the window title to the terminal. The\n\ninformation returned is provided to the terminal as though it were\n\nkeyboard input from the user. Within an xterm terminal, displaying\n\nmaliciously crafted data containing such sequences may result in\n\ncommand injection. The issue is addressed by disabling the affected\n\ncommand sequence.\n\nxar\n\nCVE-ID: CVE-2010-0055\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A modified package may appear as validly signed\n\nDescription: A design issue exists in xar when validating a package\n\nsignature. This may allow a modified package to appear as validly\n\nsigned. This issue is fixed through improved package signature\n\nvalidation. This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 may be obtained from\n\nthe Software Update pane in System Preferences, or Apple\u2019s Software\n\nDownloads web site:\n\nhttp://www.apple.com/support/downloads/\n\n[](<https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/>)Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nIn some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.\n\nThe update covers critical vulnerabilities in AppKit, QuickTime,CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.\n\nIt also covers holes in several open-source components, including Apache, ClamAV, MySQL, PHP.\n\nHere\u2019s [the full list](<http://support.apple.com/kb/HT4077>) of the patched vulnerabilities. \n\nThe Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or [Apple\u2019s Software Downloads](<site:http://www.apple.com/support/downloads/>) web page.\n", "cvss3": {}, "published": "2010-03-29T17:15:44", "type": "threatpost", "title": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-0564", "CVE-2008-0888", "CVE-2008-2712", "CVE-2008-4101", "CVE-2008-4456", "CVE-2008-5302", "CVE-2008-5303", "CVE-2008-5515", "CVE-2008-7247", "CVE-2009-0033", "CVE-2009-0037", "CVE-2009-0316", "CVE-2009-0580", "CVE-2009-0688", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446", "CVE-2009-2632", "CVE-2009-2693", "CVE-2009-2801", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4017", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0055", "CVE-2010-0056", "CVE-2010-0057", "CVE-2010-0058", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0503", "CVE-2010-0504", "CVE-2010-0505", "CVE-2010-0506", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0511", "CVE-2010-0512", "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517", "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0521", "CVE-2010-0522", "CVE-2010-0523", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526", "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"], "modified": "2013-04-17T16:37:25", "id": "THREATPOST:4F867C686B7E31697E158FBD04A5DD35", "href": "https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/73753/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}