**Important: Information disclosure** [CVE-2011-1475](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475>)

Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.

This was fixed in revisions [1086349](<https://svn.apache.org/viewvc?view=rev&rev=1086349>) and [1086352](<https://svn.apache.org/viewvc?view=rev&rev=1086352>). (Note: HTTP pipelined requests are still likely to fail with the HTTP BIO connector but will do so in a secure manner.)

This was reported publicly on the Tomcat Bugzilla issue tracker on 22 Mar 2011.

Affects: 7.0.0-7.0.11

**Moderate: Multiple weaknesses in HTTP DIGEST authentication** [CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>)

Note: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: [CVE-2011-5062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062>), [CVE-2011-5063](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063>) and [CVE-2011-5064](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064>). The Apache Tomcat security team will continue to treat this as a single issue using the reference [CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>).

The implementation of HTTP DIGEST authentication was discovered to have several weaknesses:

 * replay attacks were permitted
 * server nonces were not checked
 * client nonce counts were not checked
 * qop values were not checked
 * realm values were not checked
 * the server secret was hard-coded to a known string

The result of these weaknesses is that DIGEST authentication was only as secure as BASIC authentication.

This was fixed in [revision 1087655](<https://svn.apache.org/viewvc?view=rev&rev=1087655>).

This was identified by the Tomcat security team on 16 March 2011 and made public on 26 September 2011.

Affects: 7.0.0-7.0.11
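
The checks whose absence is listed above, written out as a server-side RFC 2617 validator. This is an added example, not Tomcat's code or its fix: the class and function names, the `issued:salt:mac` nonce layout, the reason strings and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def request_digest(ha1, nonce, nc, cnonce, qop, method, uri):
    """RFC 2617 request-digest for qop=auth."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestValidator:
    """Hypothetical validator: one check per weakness in the advisory's list."""
    FIELDS = ("username", "realm", "nonce", "uri", "qop", "nc", "cnonce", "response")

    def __init__(self, realm, ha1_by_user, nonce_lifetime=300, clock=time.time):
        self.realm = realm
        self.ha1_by_user = ha1_by_user   # username -> MD5(user:realm:password)
        self.nonce_lifetime = nonce_lifetime
        self.clock = clock
        self.secret = os.urandom(32)     # random per instance, never a constant
        self.last_nc = {}                # nonce -> highest nonce count accepted

    def _mac(self, body):
        return hmac.new(self.secret, body.encode("utf-8"), hashlib.sha256).hexdigest()

    def issue_nonce(self):
        # Assumed layout: issue time, random salt, MAC over both.
        body = f"{int(self.clock())}:{os.urandom(8).hex()}"
        nonce = f"{body}:{self._mac(body)}"
        self.last_nc[nonce] = 0
        return nonce

    def validate(self, method, p):
        """Return (accepted, reason) for parsed Authorization parameters p."""
        if any(k not in p for k in self.FIELDS):
            return False, "missing-field"
        if p["realm"] != self.realm:                  # realm value checked
            return False, "realm-mismatch"
        if p["qop"] != "auth":                        # qop value checked
            return False, "qop-rejected"
        body, _, mac = p["nonce"].rpartition(":")     # server nonce checked
        if not hmac.compare_digest(mac.encode("utf-8"), self._mac(body).encode("utf-8")):
            return False, "nonce-not-issued"
        if self.clock() - int(body.split(":")[0]) > self.nonce_lifetime:
            self.last_nc.pop(p["nonce"], None)
            return False, "nonce-stale"
        try:
            nc = int(p["nc"], 16)
        except ValueError:
            return False, "bad-nc"
        if nc <= self.last_nc.get(p["nonce"], 0):     # nonce count checked: no replay
            return False, "replayed-nc"
        ha1 = self.ha1_by_user.get(p["username"])
        expected = request_digest(ha1 or "", p["nonce"], p["nc"], p["cnonce"],
                                  p["qop"], method, p["uri"])
        if ha1 is None or not hmac.compare_digest(expected.encode("utf-8"),
                                                  p["response"].encode("utf-8")):
            return False, "bad-credentials"
        self.last_nc[p["nonce"]] = nc                 # advance only after success
        return True, "ok"


def client_params(user, password, realm, nonce, nc, method="GET", uri="/private", qop="auth"):
    """Constructed client side: the parameters a browser would send."""
    cnonce = "0a4f113b"                               # constructed sample value
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    return {"username": user, "realm": realm, "nonce": nonce, "uri": uri, "qop": qop,
            "nc": nc, "cnonce": cnonce,
            "response": request_digest(ha1, nonce, nc, cnonce, qop, method, uri)}


def demo():
    """Run constructed requests through the validator and collect the verdicts."""
    now = [1_000_000.0]                               # controllable clock for the demo
    v = DigestValidator("example", {"alice": md5_hex("alice:example:s3cret")},
                        clock=lambda: now[0])
    nonce = v.issue_nonce()
    first = client_params("alice", "s3cret", "example", nonce, "00000001")
    out = {"first": v.validate("GET", first),
           "replay": v.validate("GET", first),
           "next_nc": v.validate("GET", client_params("alice", "s3cret", "example", nonce, "00000002")),
           "other_realm": v.validate("GET", client_params("alice", "s3cret", "other", nonce, "00000003")),
           "qop": v.validate("GET", client_params("alice", "s3cret", "example", nonce,
                                                  "00000003", qop="auth-int"))}
    # A nonce minted with a guessed secret instead of the server's random one.
    body = "1000000:deadbeefdeadbeef"
    forged = f"{body}:" + hmac.new(b"guessed-secret", body.encode(), hashlib.sha256).hexdigest()
    out["forged_nonce"] = v.validate("GET", client_params("alice", "s3cret", "example", forged, "00000001"))
    now[0] += 301                                     # past the 300 s nonce lifetime
    out["stale"] = v.validate("GET", client_params("alice", "s3cret", "example", nonce, "00000003"))
    return out
```

Each rejection reason maps to one bullet in the advisory's list; with none of these checks in place, a captured `Authorization` header stays valid for as long as the password does, which is why the advisory rates DIGEST no stronger than BASIC.
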

**Important: Security constraint bypass** [CVE-2011-1183](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1183>)

A regression in the fix for CVE-2011-1088 meant that security constraints were ignored when no login configuration was present in the web.xml and the web application was marked as meta-data complete.

This was fixed in [revision 1087643](<https://svn.apache.org/viewvc?view=rev&rev=1087643>).

This was identified by the Tomcat security team on 17 March 2011 and made public on 6 April 2011.

Affects: 7.0.11
{"nessus": [{"lastseen": "2023-01-11T14:27:21", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities :\n\n - A fix for CVE-2011-1088 introduced a security bypass vulnerability. If login configuration data is absent from the 'web.xml' file and a web application is marked as 'metadata-complete', security constraints are ignored and may be bypassed by an attacker. Please note this vulnerability only affects version 7.0.11 of Tomcat. (CVE-2011-1183)\n\n - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows: replay attacks are possible, server nonces are not checked, client nonce counts are not checked, 'quality of protection' (qop) values are not checked, realm values are not checked, and the server secret is a hard-coded, known string. The effect of these issues is that Digest authentication is no stronger than Basic authentication. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\n - Updates to the HTTP BIO connector, in support of Servlet 3.0 asynchronous requests, fail to completely handle HTTP pipelining. Sensitive information may be disclosed because responses from the server can be improperly returned to the wrong request and possibly to the wrong user. 
(CVE-2011-1475)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-04-07T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.x < 7.0.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1475", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_12.NASL", "href": "https://www.tenable.com/plugins/nessus/53323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53323);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-1183\",\n \"CVE-2011-1184\",\n \"CVE-2011-1475\",\n \"CVE-2011-5062\",\n \"CVE-2011-5063\",\n \"CVE-2011-5064\"\n );\n script_bugtraq_id(47196, 47199, 49762);\n script_xref(name:\"SECUNIA\", value:\"43684\");\n\n script_name(english:\"Apache Tomcat 7.x < 7.0.12 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.x listening on the remote host is 
prior to 7.0.12. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A fix for CVE-2011-1088 introduced a security bypass\n vulnerability. If login configuration data is absent\n from the 'web.xml' file and a web application is\n marked as 'metadata-complete', security constraints are\n ignored and may be bypassed by an attacker. Please note\n this vulnerability only affects version 7.0.11 of\n Tomcat. (CVE-2011-1183)\n\n - Several weaknesses were found in the HTTP Digest\n authentication implementation. The issues are as\n follows: replay attacks are possible, server nonces\n are not checked, client nonce counts are not checked,\n 'quality of protection' (qop) values are not checked,\n realm values are not checked, and the server secret is\n a hard-coded, known string. The effect of these issues\n is that Digest authentication is no stronger than Basic\n authentication. (CVE-2011-1184, CVE-2011-5062,\n CVE-2011-5063, CVE-2011-5064)\n\n - Updates to the HTTP BIO connector, in support of\n Servlet 3.0 asynchronous requests, fail to completely\n handle HTTP pipelining. Sensitive information may be\n disclosed because responses from the server can be\n improperly returned to the wrong request and possibly\n to the wrong user. 
(CVE-2011-1475)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.12_(released_6_Apr_2011)\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?343187a6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=50928\");\n script_set_attribute(attribute:\"see_also\", value:\"http://svn.apache.org/viewvc?view=revision&revision=1087643\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.12 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1183\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.12\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:27:12", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities:\n\n - A fix for CVE-2011-1088 introduced a security bypass vulnerability. If login configuration data is absent from the 'web.xml' file and a web application is marked as 'metadata-complete', security constraints are ignored and may be bypassed by an attacker. Please note this vulnerability only affects version 7.0.11 of Tomcat. (CVE-2011-1183)\n\n - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows: replay attacks are possible, server nonces are not checked, client nonce counts are not checked, 'quality of protection' (qop) values are not checked, realm values are not checked, and the server secret is a hard-coded, known string. The effect of these issues is that Digest authentication is no stronger than Basic authentication. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\n - Updates to the HTTP BIO connector, in support of Servlet 3.0 asynchronous requests, fail to completely handle HTTP pipelining. Sensitive information may be disclosed because responses from the server can be improperly returned to the wrong request and possibly to the wrong user. 
(CVE-2011-1475)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-04-07T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1475", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5882.PASL", "href": "https://www.tenable.com/plugins/nnm/5882", "sourceData": "Binary data 5882.pasl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:27:04", "description": "Versions of Tomcat 7.0.x earlier than 7.0.12 are potentially affected by multiple vulnerabilities : \n\n - An information disclosure exists in the HTTP BIO connector. (CVE-2011-1475)\n\n - A security bypass vulnerability exists due to a regression in the fix for CVE-2011-1088. 
Note that this issue only affects Tomcat 7.0.11.(CVE-2011-1183)", "cvss3": {}, "published": "2011-04-07T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1475", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2011-04-07T00:00:00", "cpe": [], "id": "800625.PRM", "href": "https://www.tenable.com/plugins/lce/800625", "sourceData": "Binary data 800625.prm", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-18T14:34:22", "description": "This update fixes a regression in parameter passing (in urldecoding of parameters that contain spaces).\n\nIn addition, multiple weaknesses in HTTP DIGESTS are fixed (CVE-2011-1184).\n\nCVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.\n\nCVE-2011-5063: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a 
different vulnerability than CVE-2011-1184.\n\nCVE-2011-5064: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2012:0208-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_TOMCAT6-120207.NASL", "href": "https://www.tenable.com/plugins/nessus/76037", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-5765.\n#\n# The text description of 
this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76037);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2012:0208-1)\");\n script_summary(english:\"Check for the tomcat6-5765 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a regression in parameter passing (in urldecoding of\nparameters that contain spaces).\n\nIn addition, multiple weaknesses in HTTP DIGESTS are fixed\n(CVE-2011-1184).\n\nCVE-2011-5062: The HTTP Digest Access Authentication implementation in\nApache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before\n7.0.12 does not check qop values, which might allow remote attackers\nto bypass intended integrity-protection requirements via a qop=auth\nvalue, a different vulnerability than CVE-2011-1184.\n\nCVE-2011-5063: The HTTP Digest Access Authentication implementation in\nApache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before\n7.0.12 does not check realm values, which might allow remote attackers\nto bypass intended access restrictions by leveraging the availability\nof a protection space with weaker authentication or authorization\nrequirements, a different vulnerability than CVE-2011-1184.\n\nCVE-2011-5064: DigestAuthenticator.java in the HTTP Digest Access\nAuthentication implementation in Apache Tomcat 5.5.x before 5.5.34,\n6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the\nhard-coded server secret (aka private key), which makes it easier for\nremote attackers to bypass cryptographic protection mechanisms by\nleveraging knowledge of this 
string, a different vulnerability than\nCVE-2011-1184.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-6.0.32-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-admin-webapps-6.0.32-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-docs-webapp-6.0.32-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-el-1_0-api-6.0.32-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-javadoc-6.0.32-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-jsp-2_1-api-6.0.32-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-lib-6.0.32-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-servlet-2_5-api-6.0.32-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"tomcat6-webapps-6.0.32-7.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2023-01-11T14:21:35", "description": "This update fixes a regression in parameter passing (in urldecoding of parameters that contain spaces).\n\nIn addition, multiple weaknesses in HTTP DIGESTS have been fixed (CVE-2011-1184) :\n\n - The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.\n (CVE-2011-5062)\n\n - The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. (CVE-2011-5063)\n\n - DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. 
(CVE-2011-5064)", "cvss3": {}, "published": "2012-02-07T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : tomcat6 (SAT Patch Number 5759)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:tomcat6", "p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps", "p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp", "p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc", "p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:suse_linux:11:tomcat6-lib", "p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:suse_linux:11:tomcat6-webapps", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_TOMCAT6-120206.NASL", "href": "https://www.tenable.com/plugins/nessus/57855", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57855);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n\n script_name(english:\"SuSE 11.1 Security Update : tomcat6 (SAT Patch Number 5759)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a regression in parameter passing (in urldecoding of\nparameters that contain spaces).\n\nIn addition, multiple weaknesses in HTTP DIGESTS have been fixed\n(CVE-2011-1184) :\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and\n 7.x before 7.0.12 does not check qop values, which might\n allow remote attackers to bypass intended\n integrity-protection requirements via a qop=auth value,\n a different vulnerability than CVE-2011-1184.\n (CVE-2011-5062)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33,\n and 7.x before 7.0.12 does not check realm values, which\n might allow remote attackers to bypass intended access\n restrictions by leveraging the availability of a\n protection space with weaker authentication or\n authorization requirements, a different vulnerability\n than CVE-2011-1184. 
(CVE-2011-5063)\n\n - DigestAuthenticator.java in the HTTP Digest Access\n Authentication implementation in Apache Tomcat 5.5.x\n before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12\n uses Catalina as the hard-coded server secret (aka\n private key), which makes it easier for remote attackers\n to bypass cryptographic protection mechanisms by\n leveraging knowledge of this string, a different\n vulnerability than CVE-2011-1184. (CVE-2011-5064)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=735343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1184.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-5062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-5063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-5064.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5759.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"tomcat6-6.0.18-20.35.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"tomcat6-admin-webapps-6.0.18-20.35.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"tomcat6-docs-webapp-6.0.18-20.35.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, 
reference:\"tomcat6-javadoc-6.0.18-20.35.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"tomcat6-jsp-2_1-api-6.0.18-20.35.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"tomcat6-lib-6.0.18-20.35.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"tomcat6-servlet-2_5-api-6.0.18-20.35.36.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"tomcat6-webapps-6.0.18-20.35.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:38:52", "description": "Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Red Hat Enterprise Linux 6.\nThis update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product.\nSuch a configuration is not supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. 
These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP blocking IO (BIO) connector, which is not vulnerable to this issue, is used by default in Red Hat Enterprise Linux 6. 
(CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting the CVE-2011-2526 issue.\n\nThis update also fixes the following bug :\n\n* Previously, in certain cases, if 'LANG=fr_FR' or 'LANG=fr_FR.UTF-8' was set as an environment variable or in '/etc/sysconfig/tomcat6' on 64-bit PowerPC systems, Tomcat may have failed to start correctly.\nWith this update, Tomcat works as expected when LANG is set to 'fr_FR' or 'fr_FR.UTF-8'. (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-12-06T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2011:1780)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], 
"id": "REDHAT-RHSA-2011-1780.NASL", "href": "https://www.tenable.com/plugins/nessus/57023", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1780. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57023);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(48456, 48667, 49353, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1780\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2011:1780)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix several security issues and one bug\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the\nTomcat Native library, which provides support for using APR with\nTomcat. 
This library is not shipped with Red Hat Enterprise Linux 6.\nThis update includes fixes for users who have elected to use APR with\nTomcat by taking the Tomcat Native library from a different product.\nSuch a configuration is not supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A\nmalicious web application running on a Tomcat instance could use this\nflaw to bypass security manager restrictions and gain access to files\nit would otherwise be unable to access, or possibly terminate the Java\nVirtual Machine (JVM). 
The HTTP blocking IO (BIO) connector, which is\nnot vulnerable to this issue, is used by default in Red Hat Enterprise\nLinux 6. (CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting\nthe CVE-2011-2526 issue.\n\nThis update also fixes the following bug :\n\n* Previously, in certain cases, if 'LANG=fr_FR' or 'LANG=fr_FR.UTF-8'\nwas set as an environment variable or in '/etc/sysconfig/tomcat6' on\n64-bit PowerPC systems, Tomcat may have failed to start correctly.\nWith this update, Tomcat works as expected when LANG is set to 'fr_FR'\nor 'fr_FR.UTF-8'. (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n # https://access.redhat.com/support/offerings/production/soc.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/support/offerings/production/soc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/errata/RHSA-2011:1780\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1780\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-35.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
reference:\"tomcat6-admin-webapps-6.0.24-35.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-35.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-35.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-35.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-35.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-35.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-35.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-35.el6_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:52", "description": "Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. 
This library is not shipped with Red Hat Enterprise Linux 6.\nThis update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product.\nSuch a configuration is not supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). 
The HTTP blocking IO (BIO) connector, which is not vulnerable to this issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting the CVE-2011-2526 issue.\n\nThis update also fixes the following bug :\n\n* Previously, in certain cases, if 'LANG=fr_FR' or 'LANG=fr_FR.UTF-8' was set as an environment variable or in '/etc/sysconfig/tomcat6' on 64-bit PowerPC systems, Tomcat may have failed to start correctly.\nWith this update, Tomcat works as expected when LANG is set to 'fr_FR' or 'fr_FR.UTF-8'. (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2011:1780)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": 
"CENTOS_RHSA-2011-1780.NASL", "href": "https://www.tenable.com/plugins/nessus/57374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1780 and \n# CentOS Errata and Security Advisory 2011:1780 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57374);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(48456, 48667, 49353, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1780\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2011:1780)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix several security issues and one bug\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the\nTomcat Native library, which provides support for using APR with\nTomcat. 
This library is not shipped with Red Hat Enterprise Linux 6.\nThis update includes fixes for users who have elected to use APR with\nTomcat by taking the Tomcat Native library from a different product.\nSuch a configuration is not supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A\nmalicious web application running on a Tomcat instance could use this\nflaw to bypass security manager restrictions and gain access to files\nit would otherwise be unable to access, or possibly terminate the Java\nVirtual Machine (JVM). 
The HTTP blocking IO (BIO) connector, which is\nnot vulnerable to this issue, is used by default in Red Hat Enterprise\nLinux 6. (CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting\nthe CVE-2011-2526 issue.\n\nThis update also fixes the following bug :\n\n* Previously, in certain cases, if 'LANG=fr_FR' or 'LANG=fr_FR.UTF-8'\nwas set as an environment variable or in '/etc/sysconfig/tomcat6' on\n64-bit PowerPC systems, Tomcat may have failed to start correctly.\nWith this update, Tomcat works as expected when LANG is set to 'fr_FR'\nor 'fr_FR.UTF-8'. (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018356.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa61944a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-35.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-35.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-35.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-35.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-35.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-35.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-35.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-35.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-35.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:49", "description": "Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-12-21T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat5 (RHSA-2011:1845)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1845.NASL", "href": "https://www.tenable.com/plugins/nessus/57356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1845. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57356);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(46174, 46177, 48456, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1845\");\n\n script_name(english:\"RHEL 5 : tomcat5 (RHSA-2011:1845)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Apache Tomcat. 
A\nmalicious web application could use this flaw to conduct an XSS\nattack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web\npages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1845\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\n 
if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:35:07", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.33. It is, therefore, affected by multiple vulnerabilities :\n\n - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows: replay attacks are possible, server nonces are not checked, client nonce counts are not checked, 'quality of protection' (qop) values are not checked, realm values are not checked and the server secret is a hard-coded, known string. The effect of these issues is that Digest authentication is no stronger than Basic authentication. 
(CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\n - An error handling issue exists related to the MemoryUserDatabase that allows user passwords to be disclosed through log files. (CVE-2011-2204)\n\n - An input validation error exists that allows a local attacker to either bypass security or carry out denial of service attacks when the APR or NIO connectors are enabled. (CVE-2011-2526)\n\n - A component that Apache Tomcat relies on called 'jsvc' contains an error in that it does not drop capabilities after starting and can allow access to sensitive files owned by the super user. Note this vulnerability only affects Linux operating systems and only when the following are true: jsvc is compiled with libpcap and the '-user' parameter is used. (CVE-2011-2729)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-08-30T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_33.NASL", "href": "https://www.tenable.com/plugins/nessus/56008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(56008);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-1184\",\n \"CVE-2011-2204\",\n \"CVE-2011-2526\",\n \"CVE-2011-2729\",\n \"CVE-2011-5062\",\n \"CVE-2011-5063\",\n \"CVE-2011-5064\"\n );\n script_bugtraq_id(\n 48456,\n 48667,\n 49143,\n 49762\n );\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0.x listening on the remote host is prior to 6.0.33. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Several weaknesses were found in the HTTP Digest\n authentication implementation. The issues are as\n follows: replay attacks are possible, server nonces\n are not checked, client nonce counts are not checked,\n 'quality of protection' (qop) values are not checked,\n realm values are not checked and the server secret is\n a hard-coded, known string. The effect of these issues\n is that Digest authentication is no stronger than Basic\n authentication. (CVE-2011-1184, CVE-2011-5062,\n CVE-2011-5063, CVE-2011-5064)\n\n - An error handling issue exists related to the\n MemoryUserDatabase that allows user passwords to be\n disclosed through log files. (CVE-2011-2204)\n\n - An input validation error exists that allows a local\n attacker to either bypass security or carry out denial\n of service attacks when the APR or NIO connectors are\n enabled. (CVE-2011-2526)\n\n - A component that Apache Tomcat relies on called 'jsvc'\n contains an error in that it does not drop capabilities\n after starting and can allow access to sensitive files\n owned by the super user. 
Note this vulnerability only\n affects Linux operating systems and only when the\n following are true: jsvc is compiled with libpcap and\n the '-user' parameter is used. (CVE-2011-2729)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.33\");\n # http://mail-archives.apache.org/mod_mbox/tomcat-announce/201108.mbox/%3C20110818135645.GA98251@minotaur.apache.org%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b56cc2cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.33 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1184\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.33\", min:\"6.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:39:37", "description": "Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. 
These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-12-21T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat5 (CESA-2011:1845)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", 
"cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1845.NASL", "href": "https://www.tenable.com/plugins/nessus/57354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1845 and \n# CentOS Errata and Security Advisory 2011:1845 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57354);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(46174, 46177, 48456, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1845\");\n\n script_name(english:\"CentOS 5 : tomcat5 (CESA-2011:1845)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. 
As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Apache Tomcat. A\nmalicious web application could use this flaw to conduct an XSS\nattack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web\npages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018336.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9373df8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018337.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d801a1f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:48:24", "description": "From Red Hat Security 
Advisory 2011:1780 :\n\nUpdated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Red Hat Enterprise Linux 6.\nThis update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product.\nSuch a configuration is not supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. 
The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP blocking IO (BIO) connector, which is not vulnerable to this issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting the CVE-2011-2526 issue.\n\nThis update also fixes the following bug :\n\n* Previously, in certain cases, if 'LANG=fr_FR' or 'LANG=fr_FR.UTF-8' was set as an environment variable or in '/etc/sysconfig/tomcat6' on 64-bit PowerPC systems, Tomcat may have failed to start correctly.\nWith this update, Tomcat works as expected when LANG is set to 'fr_FR' or 'fr_FR.UTF-8'. (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2011-1780)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1780.NASL", "href": "https://www.tenable.com/plugins/nessus/68399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1780 and \n# Oracle Linux Security Advisory ELSA-2011-1780 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68399);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-5062\", \"CVE-2011-5063\", 
\"CVE-2011-5064\");\n script_bugtraq_id(48456, 48667, 49353, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1780\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2011-1780)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1780 :\n\nUpdated tomcat6 packages that fix several security issues and one bug\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the\nTomcat Native library, which provides support for using APR with\nTomcat. This library is not shipped with Red Hat Enterprise Linux 6.\nThis update includes fixes for users who have elected to use APR with\nTomcat by taking the Tomcat Native library from a different product.\nSuch a configuration is not supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. 
(CVE-2011-1184)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A\nmalicious web application running on a Tomcat instance could use this\nflaw to bypass security manager restrictions and gain access to files\nit would otherwise be unable to access, or possibly terminate the Java\nVirtual Machine (JVM). The HTTP blocking IO (BIO) connector, which is\nnot vulnerable to this issue, is used by default in Red Hat Enterprise\nLinux 6. (CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting\nthe CVE-2011-2526 issue.\n\nThis update also fixes the following bug :\n\n* Previously, in certain cases, if 'LANG=fr_FR' or 'LANG=fr_FR.UTF-8'\nwas set as an environment variable or in '/etc/sysconfig/tomcat6' on\n64-bit PowerPC systems, Tomcat may have failed to start correctly.\nWith this update, Tomcat works as expected when LANG is set to 'fr_FR'\nor 'fr_FR.UTF-8'. 
(BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002493.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-35.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:54:31", "description": "From Red Hat Security Advisory 2011:1845 :\n\nUpdated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat5 (ELSA-2011-1845)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-1845.NASL", "href": "https://www.tenable.com/plugins/nessus/68410", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1845 and \n# Oracle Linux Security Advisory ELSA-2011-1845 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68410);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(46174, 46177, 48456, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1845\");\n\n script_name(english:\"Oracle Linux 5 : tomcat5 (ELSA-2011-1845)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1845 :\n\nUpdated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Apache Tomcat. A\nmalicious web application could use this flaw to conduct an XSS\nattack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web\npages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. 
(CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002527.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:34:35", "description": "According to its self-reported 
version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.33. It is, therefore, affected by multiple vulnerabilities:\n\n- Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows: replay attacks are possible, server nonces are not checked, client nonce counts are not checked, 'quality of protection' (qop) values are not checked, realm values are not checked and the server secret is a hard-coded, known string. The effect of these issues is that Digest authentication is no stronger than Basic authentication. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\n - An error handling issue exists related to the MemoryUserDatabase that allows user passwords to be disclosed through log files. (CVE-2011-2204)\n\n - An input validation error exists that allows a local attacker to either bypass security or carry out denial of service attacks when the APR or NIO connectors are enabled. (CVE-2011-2526)\n\n - A component that Apache Tomcat relies on called 'jsvc' contains an error in that it does not drop capabilities after starting and can allow access to sensitive files owned by the super user. Note this vulnerability only affects Linux operating systems and only when the following are true: jsvc is compiled with libpcap and the '-user' parameter is used. 
(CVE-2011-2729)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-08-30T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.33 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "6018.PASL", "href": "https://www.tenable.com/plugins/nnm/6018", "sourceData": "Binary data 6018.pasl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:36:01", "description": "According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.34. It is, therefore, affected by multiple vulnerabilities :\n\n - Several weaknesses were found in the HTTP Digest authentication implementation. The issues are as follows: replay attacks are possible, server nonces are not checked, client nonce counts are not checked, 'quality of protection' (qop) values are not checked, realm values are not checked and the server secret is a hard-coded, known string. The effect of these issues is that Digest authentication is no stronger than Basic authentication. 
(CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\n - An error handling issue exists related to the MemoryUserDatabase that allows user passwords to be disclosed through log files. (CVE-2011-2204)\n\n - An input validation error exists that allows a local attacker to either bypass security or carry out denial of service attacks when the APR or NIO connectors are enabled. (CVE-2011-2526)\n\n - A component that Apache Tomcat relies on called 'jsvc' contains an error in that it does not drop capabilities after starting and can allow access to sensitive files owned by the super user. Note this vulnerability only affects Linux operating systems and only when 'jsvc' is compiled with libpcap and the '-user' parameter is used. (CVE-2011-2729)\n\n - Specially crafted requests are incorrectly processed by Tomcat and can cause the server to allow injection of arbitrary AJP messages. This can lead to authentication bypass and disclosure of sensitive information. Note this vulnerability only occurs when the org.apache.jk.server.JkCoyoteHandler AJP connector is not used, POST requests are accepted, and the request body is not processed. (CVE-2011-3190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-09-26T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", 
"CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_5_5_34.NASL", "href": "https://www.tenable.com/plugins/nessus/56301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56301);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-1184\",\n \"CVE-2011-2204\",\n \"CVE-2011-2526\",\n \"CVE-2011-2729\",\n \"CVE-2011-3190\",\n \"CVE-2011-5062\",\n \"CVE-2011-5063\",\n \"CVE-2011-5064\"\n );\n script_bugtraq_id(\n 48456,\n 48667,\n 49143,\n 49353,\n 49762\n );\n\n script_name(english:\"Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 5.5.x listening on the remote host is prior to 5.5.34. It is,\nthere, affected by multiple vulnerabilities :\n\n - Several weaknesses were found in the HTTP Digest\n authentication implementation. The issues are as\n follows: replay attacks are possible, server nonces\n are not checked, client nonce counts are not checked,\n 'quality of protection' (qop) values are not checked,\n realm values are not checked and the server secret is\n a hard-coded, known string. The effect of these issues\n is that Digest authentication is no stronger than Basic\n authentication. (CVE-2011-1184, CVE-2011-5062,\n CVE-2011-5063, CVE-2011-5064)\n\n - An error handling issue exists related to the\n MemoryUserDatabase that allows user passwords to be\n disclosed through log files. 
(CVE-2011-2204)\n\n - An input validation error exists that allows a local\n attacker to either bypass security or carry out denial\n of service attacks when the APR or NIO connectors are\n enabled. (CVE-2011-2526)\n\n - A component that Apache Tomcat relies on called 'jsvc'\n contains an error in that it does not drop capabilities\n after starting and can allow access to sensitive files\n owned by the super user. Note this vulnerability only\n affects Linux operating systems and only when 'jsvc' is\n compiled with libpcap and the '-user' parameter is\n used. (CVE-2011-2729)\n\n - Specially crafted requests are incorrectly processed by\n Tomcat and can cause the server to allow injection of\n arbitrary AJP messages. This can lead to authentication\n bypass and disclosure of sensitive information. Note\n this vulnerability only occurs when the\n org.apache.jk.server.JkCoyoteHandler AJP connector is\n not used, POST requests are accepted, and the request\n body is not processed.(CVE-2011-3190)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.34\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 5.5.34 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1184\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"5.5.34\", min:\"5.5.0\", severity:SECURITY_HOLE, granularity_regex:\"^5(\\.5)?$\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:10", "description": "Updated jbossweb packages that fix multiple security issues are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. 
If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server.\n(CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in 'jboss-as/server/[PROFILE]/deploy/properties-service.xml'.\n(CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make a JBoss Web server use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue.\nRefer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST authentication. These flaws weakened the JBoss Web HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. 
(CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes when using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O) connector. A malicious web application running on a JBoss Web instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n(CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610;\noCERT for reporting CVE-2011-4858; and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise Application Platform's 'jboss-as/server/[PROFILE]/deploy/' directory, along with all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise Linux 4, 5, and 6 should upgrade to these updated packages, which correct these issues. 
The JBoss server process must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : jbossweb (RHSA-2012:0074)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-lib", "p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0074.NASL", "href": "https://www.tenable.com/plugins/nessus/64022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0074. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64022);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2526\", \"CVE-2011-4610\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_xref(name:\"RHSA\", value:\"2012:0074\");\n\n script_name(english:\"RHEL 5 / 6 : jbossweb (RHSA-2012:0074)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated jbossweb packages that fix multiple security issues are now\navailable for JBoss Enterprise Application Platform 5.1.2 for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment\nplatform for the JavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8\ncharacter encoding enabled, or that included user-supplied UTF-8\nstrings in a response, a remote attacker could use this flaw to cause\na denial of service (infinite loop) on the JBoss Web server.\n(CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. 
A remote attacker could\nuse this flaw to cause JBoss Web to use an excessive amount of CPU\ntime by sending an HTTP request with a large number of parameters\nwhose names map to the same hash value. This update introduces a limit\non the number of parameters and headers processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128\nfor headers. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n'jboss-as/server/[PROFILE]/deploy/properties-service.xml'.\n(CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make a\nJBoss Web server use an excessive amount of CPU time by sending an\nHTTP request containing a large number of parameters or large\nparameter values. This update introduces limits on the number of\nparameters and headers processed per request to address this issue.\nRefer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request\nattributes when using the HTTP APR (Apache Portable Runtime) or NIO\n(Non-Blocking I/O) connector. 
A malicious web application running on a\nJBoss Web instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM).\n(CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610;\noCERT for reporting CVE-2011-4858; and the Apache Tomcat project for\nreporting CVE-2011-2526. oCERT acknowledges Julian Walde and\nAlexander Klink as the original reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's 'jboss-as/server/[PROFILE]/deploy/' directory,\nalong with all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat\nEnterprise Linux 4, 5, and 6 should upgrade to these updated packages,\nwhich correct these issues. The JBoss server process must be restarted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2011-4610\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0074\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-el-1.0-api-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
reference:\"jbossweb-jsp-2.1-api-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-lib-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-servlet-2.5-api-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-el-1.0-api-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-jsp-2.1-api-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-lib-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-servlet-2.5-api-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb / jbossweb-el-1.0-api / jbossweb-jsp-2.1-api / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-18T14:40:47", "description": "Updated tomcat5 packages that fix multiple security issues and two bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. 
References in this text to APR refer to the Tomcat Native implementation, not any other apr package.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133. It also resolves the following security issues :\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. 
These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which resolve these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-eclipse", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-parent", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0680.NASL", "href": "https://www.tenable.com/plugins/nessus/78924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory 
RHSA-2012:0680. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78924);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(48456, 48667, 49353, 49762, 51200, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0680\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues and two\nbugs are now available for JBoss Enterprise Web Server 1.0.2 for Red\nHat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library,\nproviding Apache Portable Runtime (APR) support for Tomcat. References\nin this text to APR refer to the Tomcat Native implementation, not any\nother apr package.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and\nJBPAPP-6133. It also resolves the following security issues :\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. 
These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. 
A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A\nmalicious web application running on a Tomcat instance could use this\nflaw to bypass security manager restrictions and gain access to files\nit would otherwise be unable to access, or possibly terminate the Java\nVirtual Machine (JVM). The HTTP NIO connector is used by default in\nJBoss Enterprise Web Server. (CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian Walde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve these issues. 
Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n # https://issues.jboss.org/browse/JBPAPP-4873\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-4873?_sscc=t\"\n );\n # https://issues.jboss.org/browse/JBPAPP-6133\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-6133?_sscc=t\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0022\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits 
are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0680\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! 
(rpm_exists(release:\"RHEL5\", rpm:\"mod_cluster\") || rpm_exists(release:\"RHEL6\", rpm:\"mod_cluster\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-admin-webapps-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-common-lib-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-eclipse-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-javadoc-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jsp-2.0-api-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-parent-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-server-lib-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-servlet-2.4-api-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-webapps-5.5.33-27_patch_07.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-admin-webapps-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-common-lib-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jasper-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
reference:\"tomcat5-jasper-eclipse-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jasper-javadoc-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jsp-2.0-api-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-parent-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-server-lib-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-servlet-2.4-api-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-webapps-5.5.33-28_patch_07.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:20:45", "description": "Several vulnerabilities have been found in Tomcat, a servlet and JSP engine :\n\n - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks.\n\n - CVE-2011-2204 In rare setups passwords were written into a logfile.\n\n - CVE-2011-2526 Missing input sanitising in the HTTP APR or HTTP NIO connectors could lead to denial of service.\n\n - CVE-2011-3190 AJP requests could be spoofed in some setups.\n\n - CVE-2011-3375 Incorrect request caching could lead 
to information disclosure.\n\n - CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests.\n\nAdditional information can be found at", "cvss3": {}, "published": "2012-02-03T00:00:00", "type": "nessus", "title": "Debian DSA-2401-1 : tomcat6 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat6", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2401.NASL", "href": "https://www.tenable.com/plugins/nessus/57812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2401. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57812);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(48456, 48667, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"DSA\", value:\"2401\");\n\n script_name(english:\"Debian DSA-2401-1 : tomcat6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in Tomcat, a servlet and JSP\nengine :\n\n - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n The HTTP Digest Access Authentication implementation\n performed insufficient countermeasures against replay\n attacks.\n\n - CVE-2011-2204\n In rare setups passwords were written into a logfile.\n\n - CVE-2011-2526\n Missing input sanitising in the HTTP APR or HTTP NIO\n connectors could lead to denial of service.\n\n - CVE-2011-3190\n AJP requests could be spoofed in some setups.\n\n - CVE-2011-3375\n Incorrect request caching could lead to information\n disclosure.\n\n - CVE-2011-4858 CVE-2012-0022\n This update adds countermeasures against a collision\n denial of service vulnerability in the Java hashtable\n implementation and addresses denial of service\n potentials when processing large amounts of requests.\n\nAdditional information can be found at\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tomcat6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2401\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat6 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtomcat6-java\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-admin\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-common\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-docs\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-examples\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-user\", reference:\"6.0.35-1+squeeze2\")) 
flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:40:17", "description": "Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs.\nIt also resolves the following security issues :\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. 
The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user requests (such as IP addresses and HTTP headers) when certain errors occurred. If a user sent a request that caused an error to be logged, Tomcat would return a reply to the next request (which could be sent by a different user) with data from the first user's request, leading to information disclosure. Under certain conditions, a remote attacker could leverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. 
If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api", 
"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0682.NASL", "href": "https://www.tenable.com/plugins/nessus/78925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0682. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78925);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(48456, 48667, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0682\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix multiple security issues and three\nbugs are now available for JBoss Enterprise Web Server 1.0.2 for Red\nHat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library,\nproviding Apache Portable Runtime (APR) support for Tomcat. References\nin this text to APR refer to the Tomcat Native implementation, not any\nother apr package.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs.\nIt also resolves the following security issues :\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform\nsession replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent\nby a different user) with data from the first user's request, leading\nto information disclosure. 
Under certain conditions, a remote attacker\ncould leverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to\npredictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same\nhash value. This update introduces a limit on the number of parameters\nprocessed per request to mitigate this issue. The default limit is 512\nfor parameters and 128 for headers. These defaults can be changed by\nsetting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an\nexcessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858\ndescription for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's\npassword was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when\nusing the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious\nweb application running on a Tomcat instance could use this flaw to\nbypass security manager restrictions and gain access to files it would\notherwise be unable to access, or possibly terminate the Java Virtual\nMachine (JVM). 
The HTTP NIO connector is used by default in JBoss\nEnterprise Web Server. (CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian Walde and Alexander Klink as the original reporters of\nCVE-2011-4858.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n # https://issues.jboss.org/browse/JBPAPP-4873\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-4873?_sscc=t\"\n );\n # https://issues.jboss.org/browse/JBPAPP-6133\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-6133?_sscc=t\"\n );\n # https://issues.jboss.org/browse/JBPAPP-6852\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-6852?_sscc=t\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3375\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0682\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"mod_cluster\") || rpm_exists(release:\"RHEL6\", rpm:\"mod_cluster\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-javadoc-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-lib-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-log4j-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-webapps-6.0.32-24_patch_07.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.32-24_patch_07.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:28:14", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.0.12 or 7.0.13 listening on the remote host is affected by a security constraint bypass vulnerability.\n\nFixes for CVE-2011-1088 and CVE-2011-1183 introduced an error in 'core/StandardWrapper.java' which allows an incorrect class loader to be used. 
The effect of this is that security constraints configured through annotations are ignored on the initial request to a servlet.\nHowever, further requests are secured properly.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-05-18T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.12 / 7.0.13 Security Constraint Bypass", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1582"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_14.NASL", "href": "https://www.tenable.com/plugins/nessus/54301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54301);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2011-1582\");\n script_bugtraq_id(47886);\n script_xref(name:\"SECUNIA\", value:\"44612\");\n\n script_name(english:\"Apache Tomcat 7.0.12 / 7.0.13 Security Constraint Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a security constraint bypass\nvulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.0.12 or 7.0.13 listening on the remote host 
is affected\nby a security constraint bypass vulnerability.\n\nFixes for CVE-2011-1088 and CVE-2011-1183 introduced an error in\n'core/StandardWrapper.java' which allows an incorrect class loader to\nbe used. The effect of this is that security constraints configured\nthrough annotations are ignored on the initial request to a servlet.\nHowever, further requests are secured properly.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14_%28released_12_May_2011%29\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a1f0794\");\n script_set_attribute(attribute:\"see_also\", value:\"http://svn.apache.org/viewvc?view=revision&revision=1100832\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2011/May/134\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.14 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1582\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.14\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:38:23", "description": "Permission on {basedir} required changing to 0775 from 0765.\n\nCVE-2011-1184 - rhbz 741407 - Multiple weaknesses in HTTP DIGEST authentication\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-14T00:00:00", "type": "nessus", "title": "Fedora 15 : tomcat6-6.0.32-10.fc15 (2011-15005)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-15005.NASL", "href": "https://www.tenable.com/plugins/nessus/56791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-15005.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56791);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1184\");\n script_bugtraq_id(49762);\n script_xref(name:\"FEDORA\", value:\"2011-15005\");\n\n script_name(english:\"Fedora 15 : tomcat6-6.0.32-10.fc15 (2011-15005)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Permission on {basedir} required changing to 0775 from 0765. 
=\n\nCVE-2011-1184 - rhbz 741407 - Multiple weaknesses in HTTP DIGEST\nauthentica= tion\n----------------------------------------------------------------------\n-----=\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=741407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=748015\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed8afa82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"tomcat6-6.0.32-10.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:29:02", "description": "Update to tomcat 6.0.35 CVE-2011-1184 multiple weaknesses in HTTP DIGEST authentication\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "nessus", "title": "Fedora 16 : tomcat6-6.0.35-1.fc16 (2012-7593)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-7593.NASL", "href": "https://www.tenable.com/plugins/nessus/61479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-7593.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61479);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1184\");\n script_bugtraq_id(49762);\n script_xref(name:\"FEDORA\", value:\"2012-7593\");\n\n script_name(english:\"Fedora 16 : tomcat6-6.0.35-1.fc16 (2012-7593)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to tomcat 6.0.35 CVE-2011-1184 multiple weaknesses in HTTP\nDIGEST authentication\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=741407\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/084801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32417ed1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"tomcat6-6.0.35-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:24:47", "description": "The remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2012-06-25T00:00:00", "type": "nessus", "title": "GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", 
"CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tomcat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-24.NASL", "href": "https://www.tenable.com/plugins/nessus/59677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-24.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59677);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544, 45015, 46164, 46174, 46177, 46685, 47196, 47199, 47886, 48456, 48667, 49143, 49147, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"GLSA\", value:\"201206-24\");\n\n 
script_name(english:\"GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-24\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to\n hijack a session, to bypass authentication, to inject webscript, to\n enumerate valid usernames, to read, modify and overwrite arbitrary files,\n to bypass intended access restrictions, to delete work-directory files,\n to discover the server’s hostname or IP, to bypass read permissions for\n files or HTTP headers, to read or write files outside of the intended\n working directory, and to obtain sensitive information by reading a log\n file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n All Apache Tomcat 7.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"rge 6.0.35\", \"ge 7.0.23\", \"rge 6.0.44\", \"rge 6.0.45\", \"rge 6.0.46\", \"rge 6.0.47\", \"rge 6.0.48\"), vulnerable:make_list(\"lt 7.0.23\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:30", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.11, It is, therefore affected by a security bypass vulnerability.\n\nWhen a web application is started, 'ServletSecurity' annotations might be ignored which could lead to some areas of the applications not being protected as expected.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-03-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.x < 7.0.11 @ServletSecurity Annotation Security Bypass", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1419"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_11.NASL", "href": "https://www.tenable.com/plugins/nessus/52634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52634);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2011-1088\", \"CVE-2011-1419\");\n script_bugtraq_id(46685);\n script_xref(name:\"SECUNIA\", 
value:\"43684\");\n\n script_name(english:\"Apache Tomcat 7.x < 7.0.11 @ServletSecurity Annotation Security Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.x listening on the remote host is prior to 7.0.11, It is,\ntherefore affected by a security bypass vulnerability.\n\nWhen a web application is started, 'ServletSecurity' annotations might\nbe ignored which could lead to some areas of the applications not\nbeing protected as expected.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.11_(released_11_Mar_2011)\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e95c3250\");\n # http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfd5efff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.11 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1088\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/02\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.11\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:24:47", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.11, It is, therefore affected by a security bypass vulnerability.\n\nWhen a web application is started, 'ServletSecurity' annotations might be ignored which could lead to some areas of the applications not being protected as expected.\n\nNote that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-03-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.11 Security Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1419"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5816.PASL", "href": "https://www.tenable.com/plugins/nnm/5816", "sourceData": "Binary data 5816.pasl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:24:41", "description": "Versions of Tomcat 7.0.x earlier than 7.0.11 are potentially affected by a security bypass vulnerability. When a web application is started, 'ServletSecurity' annotations might be ignored which could lead to some areas of the application not being protected as expected.", "cvss3": {}, "published": "2011-03-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.11 Security Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1419"], "modified": "2011-03-11T00:00:00", "cpe": [], "id": "800610.PRM", "href": "https://www.tenable.com/plugins/lce/800610", "sourceData": "Binary data 800610.prm", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:59:34", "description": "Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and 
possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.\n\nThe HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.\n\nApache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2011-25)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-3190"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", 
"p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-25.NASL", "href": "https://www.tenable.com/plugins/nessus/69584", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-25.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69584);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-3190\");\n script_xref(name:\"ALAS\", value:\"2011-25\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2011-25)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Certain AJP protocol connector implementations in Apache Tomcat 7.0.0\nthrough 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and\npossibly other versions allow remote attackers to spoof AJP requests,\nbypass authentication, and obtain sensitive information by causing the\nconnector to interpret a request body as a new request.\n\nThe HTTP Digest Access Authentication implementation in Apache Tomcat\n5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not\nhave the expected countermeasures against replay attacks, which makes\nit easier for remote attackers to bypass intended access restrictions\nby sniffing the network for valid requests, related to lack of\nchecking of nonce (aka server nonce) and nc (aka nonce-count or client\nnonce count) values.\n\nApache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before\n7.0.17, when the MemoryUserDatabase is used, creates log entries\ncontaining passwords upon encountering errors in JMX user creation,\nwhich allows local users to obtain sensitive 
information by reading a\nlog file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-25.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat6' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.33-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.33-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.33-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.33-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.33-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.33-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.33-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.33-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.33-1.26.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:34", "description": 
"It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. (CVE-2011-1184)\n\nPolina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX user creation. A local attacker could possibly use this flaw to obtain sensitive information. This issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)\n\nIt was discovered that Tomcat incorrectly validated certain request attributes when sendfile is enabled. A local attacker could bypass intended restrictions, or cause the JVM to crash, resulting in a denial of service. (CVE-2011-2526)\n\nIt was discovered that Tomcat incorrectly handled certain AJP requests. A remote attacker could use this flaw to spoof requests, bypass authentication, and obtain sensitive information. This issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-11-09T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1252-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1252-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56746);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_bugtraq_id(48456, 48667, 49353, 49762);\n script_xref(name:\"USN\", value:\"1252-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1252-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat incorrectly implemented HTTP DIGEST\nauthentication. An attacker could use this flaw to perform a variety\nof authentication attacks. (CVE-2011-1184)\n\nPolina Genova discovered that Tomcat incorrectly created log entries\nwith passwords when encountering errors during JMX user creation. A\nlocal attacker could possibly use this flaw to obtain sensitive\ninformation. This issue only affected Ubuntu 10.04 LTS, 10.10 and\n11.04. (CVE-2011-2204)\n\nIt was discovered that Tomcat incorrectly validated certain request\nattributes when sendfile is enabled. A local attacker could bypass\nintended restrictions, or cause the JVM to crash, resulting in a\ndenial of service. (CVE-2011-2526)\n\nIt was discovered that Tomcat incorrectly handled certain AJP\nrequests. A remote attacker could use this flaw to spoof requests,\nbypass authentication, and obtain sensitive information. This issue\nonly affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1252-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtomcat6-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.28-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.28-10ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.32-5ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:36:28", "description": "Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x :\n\nThe implementation of HTTP DIGEST authentication in tomcat was discovered 
to have several weaknesses (CVE-2011-1184).\n\nApache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file (CVE-2011-2204).\n\nApache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application (CVE-2011-2526).\n\nCertain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request (CVE-2011-3190).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", 
"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-156.NASL", "href": "https://www.tenable.com/plugins/nessus/56551", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:156. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56551);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_bugtraq_id(48456, 48667, 49353, 49762);\n script_xref(name:\"MDVSA\", value:\"2011:156\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:156)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in tomcat\n5.5.x :\n\nThe implementation of HTTP DIGEST authentication in tomcat was\ndiscovered to have several weaknesses (CVE-2011-1184).\n\nApache Tomcat, when the MemoryUserDatabase is used, creates log\nentries containing passwords upon encountering errors in JMX user\ncreation, which allows local users to obtain sensitive information by\nreading a log file (CVE-2011-2204).\n\nApache Tomcat, when sendfile is enabled for the HTTP APR or HTTP 
NIO\nconnector, does not validate certain request attributes, which allows\nlocal users to bypass intended file access restrictions or cause a\ndenial of service (infinite loop or JVM crash) by leveraging an\nuntrusted web application (CVE-2011-2526).\n\nCertain AJP protocol connector implementations in Apache Tomcat allow\nremote attackers to spoof AJP requests, bypass authentication, and\nobtain sensitive information by causing the connector to interpret a\nrequest body as a new request (CVE-2011-3190).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-admin-webapps-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-common-lib-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-eclipse-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-javadoc-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-server-lib-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-webapps-5.5.28-0.5.0.3mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:42", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. 
A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111220_TOMCAT5_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61211);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Apache Tomcat. A\nmalicious web application could use this flaw to conduct an XSS\nattack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web\npages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. 
If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=3772\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da560124\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-debuginfo-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif 
(rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:25:45", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Scientific Linux 6. This update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. 
(CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP blocking IO (BIO) connector, which is not vulnerable to this issue, is used by default in Scientific Linux 6. (CVE-2011-2526)\n\nThis update also fixes the following bug :\n\n - Previously, in certain cases, if 'LANG=fr_FR' or 'LANG=fr_FR.UTF-8' was set as an environment variable or in '/etc/sysconfig/tomcat6' on 64-bit PowerPC systems, Tomcat may have failed to start correctly. With this update, Tomcat works as expected when LANG is set to 'fr_FR' or 'fr_FR.UTF-8'.\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111205_TOMCAT6_ON_SL6.NASL", "href": "https://www.tenable.com/plugins/nessus/61184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61184);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR 
provided by the apr\npackages. It refers to the implementation of APR provided by the\nTomcat Native library, which provides support for using APR with\nTomcat. This library is not shipped with Scientific Linux 6. This\nupdate includes fixes for users who have elected to use APR with\nTomcat by taking the Tomcat Native library from a different product.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. 
A\nmalicious web application running on a Tomcat instance could use this\nflaw to bypass security manager restrictions and gain access to files\nit would otherwise be unable to access, or possibly terminate the Java\nVirtual Machine (JVM). The HTTP blocking IO (BIO) connector, which is\nnot vulnerable to this issue, is used by default in Scientific Linux\n6. (CVE-2011-2526)\n\nThis update also fixes the following bug :\n\n - Previously, in certain cases, if 'LANG=fr_FR' or\n 'LANG=fr_FR.UTF-8' was set as an environment variable or\n in '/etc/sysconfig/tomcat6' on 64-bit PowerPC systems,\n Tomcat may have failed to start correctly. With this\n update, Tomcat works as expected when LANG is set to\n 'fr_FR' or 'fr_FR.UTF-8'.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=482\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ccd658c1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-35.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-35.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-01-11T14:47:11", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - java/org/apache/coyote/http11/InternalNioInputBuffer.jav a in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. (CVE-2012-2733)\n\n - org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. (CVE-2012-3546)\n\n - org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. (CVE-2012-4431)\n\n - org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. (CVE-2012-4534)\n\n - The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. 
(CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. (CVE-2012-5887)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:tomcat"], "id": "SOLARIS11_TOMCAT_20140401.NASL", "href": "https://www.tenable.com/plugins/nessus/80791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software 
advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80791);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - java/org/apache/coyote/http11/InternalNioInputBuffer.jav\n a in the HTTP NIO connector in Apache Tomcat 6.x before\n 6.0.36 and 7.x before 7.0.28 does not properly restrict\n the request-header size, which allows remote attackers\n to cause a denial of service (memory consumption) via a\n large amount of header data. (CVE-2012-2733)\n\n - org/apache/catalina/realm/RealmBase.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when\n FORM authentication is used, allows remote attackers to\n bypass security-constraint checks by leveraging a\n previous setUserPrincipal call and then placing\n /j_security_check at the end of a URI. (CVE-2012-3546)\n\n - org/apache/catalina/filters/CsrfPreventionFilter.java in\n Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32\n allows remote attackers to bypass the cross-site request\n forgery (CSRF) protection mechanism via a request that\n lacks a session identifier. 
(CVE-2012-4431)\n\n - org/apache/tomcat/util/net/NioEndpoint.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the\n NIO connector is used in conjunction with sendfile and\n HTTPS, allows remote attackers to cause a denial of\n service (infinite loop) by terminating the connection\n during the reading of a response. (CVE-2012-4534)\n\n - The replay-countermeasure functionality in the HTTP\n Digest Access Authentication implementation in Apache\n Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x\n before 7.0.30 tracks cnonce (aka client nonce) values\n instead of nonce (aka server nonce) and nc (aka\n nonce-count) values, which makes it easier for remote\n attackers to bypass intended access restrictions by\n sniffing the network for valid requests, a different\n vulnerability than CVE-2011-1184. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 caches information about the\n authenticated user within the session state, which makes\n it easier for remote attackers to bypass authentication\n via vectors related to the session ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 does not properly check for stale\n nonce values in conjunction with enforcement of proper\n credentials, which makes it easier for remote attackers\n to bypass intended access restrictions by sniffing the\n network for valid requests. 
(CVE-2012-5887)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-apache-tomcat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce09309a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.4.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:tomcat\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^tomcat$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.4.0.5.0\", sru:\"SRU 4.5\") > 0) flag++;\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSRF', value:TRUE);\n error_extra = 'Affected package : tomcat\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"tomcat\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:50", "description": "The host is running Apache Tomcat Server and is prone to multiple\n security bypass vulnerabilities.", "cvss3": {}, "published": "2012-01-16T00:00:00", "type": "openvas", "title": "Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310802415", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802415", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802415\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(49762);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-01-16 15:35:35 +0530 (Mon, 16 Jan 2012)\");\n script_name(\"Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n 
script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=1158180\");\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=1159309\");\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=1087655\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allows remote attackers to bypass intended\n access restrictions or gain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 5.5.x to 5.5.33, 6.x to 6.0.32 and 7.x to 7.0.11 on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to errors in the HTTP Digest Access Authentication\n implementation,\n\n - which fails to check 'qop' and 'realm' values and allows to bypass\n access restrictions.\n\n - Catalina used as the hard-coded server secret in the\n DigestAuthenticator.java bypasses cryptographic protection mechanisms.\n\n - which fails to have the expected countermeasures against replay attacks.\");\n\n script_tag(name:\"summary\", value:\"The host is running Apache Tomcat Server and is prone to multiple\n security bypass vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade Apache Tomcat to 5.5.34, 6.0.33, 7.0.12 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.33\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.32\" ) ||\n version_in_range( version:vers, test_version:\"7.0.0\", test_version2:\"7.0.11\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.34/6.0.33/7.0.12\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T18:41:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat6 (openSUSE-SU-2012:0208-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850210", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850210\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 20:47:11 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0208-1\");\n script_name(\"openSUSE: Security Advisory for tomcat6 (openSUSE-SU-2012:0208-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n script_tag(name:\"affected\", value:\"tomcat6 on openSUSE 11.4\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"This update fixes a regression in parameter passing (in\n urldecoding of parameters that contain spaces).\n\n In addition, multiple weaknesses in HTTP DIGESTS are fixed\n (CVE-2011-1184).\n\n\n CVE-2011-5062: The HTTP Digest Access Authentication\n implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x\n before 6.0.33 and 7.x before 7.0.12 does not check qop\n values, which might allow 
remote attackers to bypass\n intended integrity-protection requirements via a qop=auth\n value, a different vulnerability than CVE-2011-1184.\n\n CVE-2011-5063: The HTTP Digest Access Authentication\n implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x\n before 6.0.33, and 7.x before 7.0.12 does not check realm\n values, which might allow remote attackers to bypass\n intended access restrictions by leveraging the availability\n of a protection space with weaker authentication or\n authorization requirements, a different vulnerability than\n CVE-2011-1184.\n\n CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest\n Access Authentication implementation in Apache Tomcat 5.5.x\n before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12\n uses Catalina as the hard-coded server secret (aka private\n key), which makes it easier for remote attackers to bypass\n cryptographic protection mechanisms by leveraging knowledge\n of this string, a different vulnerability than\n CVE-2011-1184.\n\n Special Instructions and Notes:\n\n Please reboot the system after installing this update.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"tomcat6-el-1_0-api\", rpm:\"tomcat6-el-1_0-api~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-jsp-2_1-api\", rpm:\"tomcat6-jsp-2_1-api~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-servlet-2_5-api\", rpm:\"tomcat6-servlet-2_5-api~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.32~7.14.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:57:19", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2012-08-02T00:00:00", "type": "openvas", "title": "SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:850210", "href": "http://plugins.openvas.org/nasl.php?oid=850210", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0208_1.nasl 8265 2018-01-01 06:29:23Z teissa $\n#\n# SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms 
of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes a regression in parameter passing (in\n urldecoding of parameters that contain spaces).\n\n In addition, multiple weaknesses in HTTP DIGESTS are fixed\n (CVE-2011-1184).\n\n\n CVE-2011-5062: The HTTP Digest Access Authentication\n implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x\n before 6.0.33 and 7.x before 7.0.12 does not check qop\n values, which might allow remote attackers to bypass\n intended integrity-protection requirements via a qop=auth\n value, a different vulnerability than CVE-2011-1184.\n\n CVE-2011-5063: The HTTP Digest Access Authentication\n implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x\n before 6.0.33, and 7.x before 7.0.12 does not check realm\n values, which might allow remote attackers to bypass\n intended access restrictions by leveraging the availability\n of a protection space with weaker authentication or\n authorization requirements, a different vulnerability than\n CVE-2011-1184.\n\n CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest\n Access Authentication implementation in Apache Tomcat 5.5.x\n before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12\n uses Catalina as the hard-coded server secret (aka private\n key), which makes it easier for remote attackers to bypass\n cryptographic protection 
mechanisms by leveraging knowledge\n of this string, a different vulnerability than\n CVE-2011-1184.\n\n\n Special Instructions and Notes:\n\n Please reboot the system after installing this update.\";\n\ntag_affected = \"tomcat6 on openSUSE 11.4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850210);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 20:47:11 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0208_1\");\n script_name(\"SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", 
rpm:\"tomcat6-admin-webapps~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-1_0-api\", rpm:\"tomcat6-el-1_0-api~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2_1-api\", rpm:\"tomcat6-jsp-2_1-api~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2_5-api\", rpm:\"tomcat6-servlet-2_5-api~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.32~7.14.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-03-14T18:59:32", "description": "Oracle Linux Local Security Checks ELSA-2011-1780", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1780", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064", "CVE-2011-3190"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122047", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310122047", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122047\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1780\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1780 - tomcat6 security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1780\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1780.html\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", 
rpm:\"tomcat6-javadoc~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~35.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:58:58", "description": "Oracle Linux Local Security Checks ELSA-2011-1845", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1845", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-3718", "CVE-2011-5064"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122020", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that 
it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122020\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:48 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1845\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1845 - tomcat5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1845\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1845.html\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:53", "description": "The remote host is missing an update to tomcat6\nannounced via advisory DSA 2401-1.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2401-1 (tomcat6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-3190"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070718", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070718", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2401_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2401-1 (tomcat6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70718\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:38:55 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2401-1 (tomcat6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202401-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in Tomcat, a servlet and JSP\nengine:\n\nCVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n\nThe HTTP Digest Access Authentication implementation performed\ninsufficient countermeasures against replay attacks.\n\nCVE-2011-2204\n\nIn rare setups passwords were written into a logfile.\n\nCVE-2011-2526\n\nMissing input sanisiting in the HTTP APR or HTTP NIO connectors\ncould lead to denial of service.\n\nCVE-2011-3190\n\nAJP requests could be spoofed in some setups.\n\nCVE-2011-3375\n\nIncorrect request caching could lead to information disclosure.\n\nCVE-2011-4858 CVE-2012-0022\n\nThis update adds countermeasures against a collision denial of\nservice vulnerability in the Java hashtable implementation and\naddresses denial of service potentials when processing large\namounts of requests.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tomcat6 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tomcat6\nannounced via advisory DSA 2401-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:33", "description": "The remote host is missing an update to tomcat6\nannounced via advisory DSA 2401-1.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2401-1 (tomcat6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-3190"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70718", "href": "http://plugins.openvas.org/nasl.php?oid=70718", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2401_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2401-1 (tomcat6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 
E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in Tomcat, a servlet and JSP\nengine:\n\nCVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n\nThe HTTP Digest Access Authentication implementation performed\ninsufficient countermeasures against replay attacks.\n\nCVE-2011-2204\n\nIn rare setups passwords were written into a logfile.\n\nCVE-2011-2526\n\nMissing input sanisiting in the HTTP APR or HTTP NIO connectors\ncould lead to denial of service.\n\nCVE-2011-3190\n\nAJP requests could be spoofed in some setups.\n\nCVE-2011-3375\n\nIncorrect request caching could lead to information disclosure.\n\nCVE-2011-4858 CVE-2012-0022\n\nThis update adds countermeasures against a collision denial of\nservice vulnerability in the Java hashtable implementation and\naddresses denial of service potentials when processing large\namounts of requests.\n\nAdditional information can be\nfound at http://tomcat.apache.org/security-6.html\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\nFor the unstable distribution (sid), 
this problem has been fixed in\nversion 6.0.35-1.\n\nWe recommend that you upgrade your tomcat6 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat6\nannounced via advisory DSA 2401-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202401-1\";\n\nif(description)\n{\n script_id(70718);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:38:55 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2401-1 (tomcat6)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:57", "description": "Check for the Version of 
tomcat6", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2012-7593", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1138"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:864616", "href": "http://plugins.openvas.org/nasl.php?oid=864616", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2012-7593\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. 
Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\n\ntag_affected = \"tomcat6 on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084801.html\");\n script_id(864616);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:37:55 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-1183\", \"CVE-2011-1138\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-7593\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2012-7593\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.35~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-14T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2012-7593", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864616", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2012-7593\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084801.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864616\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-14 10:37:55 +0530 (Tue, 14 Aug 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-1183\", \"CVE-2011-1138\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-7593\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2012-7593\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"tomcat6 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.35~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:01", "description": "This host is running Apache Tomcat and is prone to information disclosure\n vulnerability.", "cvss3": {}, "published": "2013-11-27T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1475"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310803780", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803780\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2011-1475\");\n script_bugtraq_id(47199);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-11-27 13:41:31 +0530 (Wed, 27 Nov 2013)\");\n script_name(\"Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/66676\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1025303\");\n script_xref(name:\"URL\", value:\"http://cxsecurity.com/issue/WLB-2011040175\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat and is prone to information disclosure\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Upgrade Apache Tomcat version to 7.0.12 or later.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper handling of HTTP pipelining. 
A remote attacker\n could exploit this vulnerability to read responses intended for another user\n and obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 7.0.x before 7.0.12.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to obtain sensitive\n information that may aid in further attacks.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"7.0.0\", test_version2:\"7.0.11\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"7.0.12\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:24", "description": "This host is running Apache Tomcat and is prone to security bypass\n vulnerability.", "cvss3": {}, "published": "2013-11-27T00:00:00", "type": "openvas", "title": "Apache Tomcat Login Constraints Security Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1183"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310803779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803779", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Login Constraints Security Bypass Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# 
This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803779\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2011-1183\");\n script_bugtraq_id(47196);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-11-27 13:06:15 +0530 (Wed, 27 Nov 2013)\");\n script_name(\"Apache Tomcat Login Constraints Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/66675\");\n script_xref(name:\"URL\", value:\"http://cxsecurity.com/issue/WLB-2011040174\");\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2011/Apr/96\");\n script_xref(name:\"URL\", 
value:\"http://archives.neohapsis.com/archives/fulldisclosure/2011-04/0090.html\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat and is prone to security bypass\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Upgrade Apache Tomcat version to 7.0.12 or later.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to constraints were ignored when no login configuration\n was present in the web.xml and the web application was marked as meta-data complete.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 7.0.11.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to bypass certain\n authentication and obtain sensitive information.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_is_equal( version:vers, test_version:\"7.0.11\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"7.0.11\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071550", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_24.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71550\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 
2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\");\n script_tag(name:\"solution\", value:\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=272566\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=273662\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=303719\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=320963\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=329937\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373987\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=374619\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=382043\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386213\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=396401\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=399227\");\n script_tag(name:\"summary\", 
value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:53", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71550", "href": "http://plugins.openvas.org/nasl.php?oid=71550", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\";\ntag_solution = \"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\nhttp://bugs.gentoo.org/show_bug.cgi?id=272566\nhttp://bugs.gentoo.org/show_bug.cgi?id=273662\nhttp://bugs.gentoo.org/show_bug.cgi?id=303719\nhttp://bugs.gentoo.org/show_bug.cgi?id=320963\nhttp://bugs.gentoo.org/show_bug.cgi?id=329937\nhttp://bugs.gentoo.org/show_bug.cgi?id=373987\nhttp://bugs.gentoo.org/show_bug.cgi?id=374619\nhttp://bugs.gentoo.org/show_bug.cgi?id=382043\nhttp://bugs.gentoo.org/show_bug.cgi?id=386213\nhttp://bugs.gentoo.org/show_bug.cgi?id=396401\nhttp://bugs.gentoo.org/show_bug.cgi?id=399227\";\ntag_summary = 
\"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\";\n\n \n \nif(description)\n{\n script_id(71550);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:34:51", "description": "This host is installed with Apache Tomcat\n and is prone to a security bypass vulnerability.", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "openvas", "title": "Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1088", "CVE-2011-1419"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310812241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812241", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812241\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2011-1088\", \"CVE-2011-1419\");\n script_bugtraq_id(46685);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-12 11:08:44 +0530 (Tue, 12 Dec 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to a security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to when a web application\n was started, ServletSecurity annotations were ignored. 
This meant that some\n areas of the application may not have been protected as expected.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain authentication and obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 7.0.0 to 7.0.10\n on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Tomcat version 7.0.11 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.11\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/archive/1/517013/100/0/threaded\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location( cpe:CPE, port:tomPort, exit_no_version:TRUE)) exit(0);\nappVer = infos['version'];\npath = infos['location'];\n\nif(appVer =~ \"^(7\\.)\")\n{\n if(version_is_less(version:appVer, test_version:\"7.0.11\"))\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"7.0.11\", install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:52", "description": "This host is installed with Apache Tomcat\n and is prone to a security bypass vulnerability.", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "openvas", "title": "Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability (Linux)", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2011-1088", "CVE-2011-1419"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310812257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812257", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat 'ServletSecurity' Annotations Security Bypass Vulnerability (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812257\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2011-1088\", \"CVE-2011-1419\");\n script_bugtraq_id(46685);\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-12 13:08:44 +0530 (Tue, 12 Dec 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat 'ServletSecurity' 
Annotations Security Bypass Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to a security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to when a web application\n was started, ServletSecurity annotations were ignored. This meant that some\n areas of the application may not have been protected as expected.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain authentication and obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 7.0.0 to 7.0.10\n on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Tomcat version 7.0.11 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.11\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/archive/1/517013/100/0/threaded\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location( cpe:CPE, port:tomPort, exit_no_version:TRUE)) exit(0);\nappVer = infos['version'];\npath = infos['location'];\n\nif(appVer =~ \"^7\\.\")\n{\n if(version_is_less(version:appVer, test_version:\"7.0.11\"))\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"7.0.11\", install_path:path);\n security_message(data:report, 
port:tomPort);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T23:04:01", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2011-25)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120400", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120400\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 11:24:47 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2011-25)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Apache Tomcat. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat6 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2011-25.html\");\n script_cve_id(\"CVE-2011-3190\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.33~1.26.amzn1\", 
rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.33~1.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:31", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2011:1780-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:870651", "href": "http://plugins.openvas.org/nasl.php?oid=870651", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2011:1780-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\n CVE-2011-2526 descriptions does not refer to APR provided by the apr\n packages. It refers to the implementation of APR provided by the Tomcat\n Native library, which provides support for using APR with Tomcat. This\n library is not shipped with Red Hat Enterprise Linux 6. This update\n includes fixes for users who have elected to use APR with Tomcat by taking\n the Tomcat Native library from a different product. Such a configuration is\n not supported by Red Hat, however.\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. 
These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\n and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\n Protocol) connectors processed certain POST requests. An attacker could\n send a specially-crafted request that would cause the connector to treat\n the message body as a new request. This allows arbitrary AJP messages to be\n injected, possibly allowing an attacker to bypass a web application's\n authentication checks and gain access to information they would otherwise\n be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\n connector is used by default when the APR libraries are not present. The JK\n connector is not affected by this flaw. (CVE-2011-3190)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n A flaw was found in the way Tomcat handled sendfile request attributes when\n using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\n application running on a Tomcat instance could use this flaw to bypass\n security manager restrictions and gain access to files it would otherwise\n be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n The HTTP blocking IO (BIO) connector, which is not vulnerable to this\n issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\n Red Hat would like to thank the Apach ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tomcat6 on Red Hat Enterprise Linux Server (v. 
6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00003.html\");\n script_id(870651);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:41:29 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1780-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2011:1780-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:55", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1252-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 USN-1252-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840803", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1252_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tomcat6 USN-1252-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1252-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840803\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:59:15 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1252-1\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_name(\"Ubuntu Update for tomcat6 USN-1252-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1252-1\");\n script_tag(name:\"affected\", value:\"tomcat6 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat incorrectly implemented HTTP DIGEST\n authentication. An attacker could use this flaw to perform a variety of\n authentication attacks. 
(CVE-2011-1184)\n\n Polina Genova discovered that Tomcat incorrectly created log entries with\n passwords when encountering errors during JMX user creation. A local\n attacker could possibly use this flaw to obtain sensitive information. This\n issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)\n\n It was discovered that Tomcat incorrectly validated certain request\n attributes when sendfile is enabled. A local attacker could bypass intended\n restrictions, or cause the JVM to crash, resulting in a denial of service.\n (CVE-2011-2526)\n\n It was discovered that Tomcat incorrectly handled certain AJP requests. A\n remote attacker could use this flaw to spoof requests, bypass\n authentication, and obtain sensitive information. This issue only affected\n Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-10ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:58:12", "description": "Check for the Version of tomcat6", 
"cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2011:1780 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:881445", "href": "http://plugins.openvas.org/nasl.php?oid=881445", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2011:1780 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\n CVE-2011-2526 descriptions does not refer to APR provided by the apr\n packages. It refers to the implementation of APR provided by the Tomcat\n Native library, which provides support for using APR with Tomcat. This\n library is not shipped with Red Hat Enterprise Linux 6. 
This update\n includes fixes for users who have elected to use APR with Tomcat by taking\n the Tomcat Native library from a different product. Such a configuration is\n not supported by Red Hat, however.\n \n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n \n A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\n and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\n Protocol) connectors processed certain POST requests. An attacker could\n send a specially-crafted request that would cause the connector to treat\n the message body as a new request. This allows arbitrary AJP messages to be\n injected, possibly allowing an attacker to bypass a web application's\n authentication checks and gain access to information they would otherwise\n be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\n connector is used by default when the APR libraries are not present. The JK\n connector is not affected by this flaw. (CVE-2011-3190)\n \n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n \n A flaw was found in the way Tomcat handled sendfile request attributes when\n using the HTTP APR or NIO (Non-Blocking I/O) connector. 
A malicious web\n application running on a Tomcat instance could use this flaw to bypass\n security manager restrictions and gain access to files it would otherwise\n be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n The HTTP blocking IO (BIO) connector, which is not vulnerable to this\n issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n \n Red Hat would like to thank the Apache Tomcat project for reporting the\n CVE-2011-2526 issue.\n \n This update al ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tomcat6 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018356.html\");\n script_id(881445);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:52:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1780\");\n script_name(\"CentOS Update for tomcat6 CESA-2011:1780 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:51", 
"description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2011:1845 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881059", "href": "http://plugins.openvas.org/nasl.php?oid=881059", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:1845 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. 
(CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018336.html\");\n script_id(881059);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:34:35 +0530 (Fri, 23 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1845\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:1845 centos5 i386\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:08", "description": "The remote host is missing an update for the ", "cvss3": {}, 
"published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2011:1780 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881445", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881445", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2011:1780 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018356.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881445\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:52:50 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2011:1780\");\n script_name(\"CentOS Update for tomcat6 CESA-2011:1780 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\n CVE-2011-2526 descriptions does not refer to APR provided by 
the apr\n packages. It refers to the implementation of APR provided by the Tomcat\n Native library, which provides support for using APR with Tomcat. This\n library is not shipped with Red Hat Enterprise Linux 6. This update\n includes fixes for users who have elected to use APR with Tomcat by taking\n the Tomcat Native library from a different product. Such a configuration is\n not supported by Red Hat, however.\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\n and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\n Protocol) connectors processed certain POST requests. An attacker could\n send a specially-crafted request that would cause the connector to treat\n the message body as a new request. This allows arbitrary AJP messages to be\n injected, possibly allowing an attacker to bypass a web application's\n authentication checks and gain access to information they would otherwise\n be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\n connector is used by default when the APR libraries are not present. The JK\n connector is not affected by this flaw. (CVE-2011-3190)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n A flaw was found in the way Tomcat handled sendfile request attributes when\n using the HTTP APR or NIO (Non-Blocking I/O) connector. 
A malicious web\n application running on a Tomcat instance could use this flaw to bypass\n security manager restrictions and gain access to files it would otherwise\n be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n The HTTP blocking IO (BIO) connector, which is not vulnerable to this\n issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\n Red Hat would like to thank the Apache Tomcat project for reporting the\n CVE-2011-2526 issue.\n\n This update al ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6\", 
rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~35.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2011-15005", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863609", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2011-15005\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863609\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:52:51 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-15005\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-3190\", \"CVE-2011-2526\", \"CVE-2011-2204\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2011-15005\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"tomcat6 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.32~10.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831472", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831472", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00032.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831472\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:156\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1)\");\n script_tag(name:\"affected\", value:\"tomcat5 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in tomcat\n 5.5.x:\n\n The implementation of HTTP DIGEST authentication in tomcat was\n discovered to have 
several weaknesses (CVE-2011-1184).\n\n Apache Tomcat, when the MemoryUserDatabase is used, creates log entries\n containing passwords upon encountering errors in JMX user creation,\n which allows local users to obtain sensitive information by reading\n a log file (CVE-2011-2204).\n\n Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP\n NIO connector, does not validate certain request attributes, which\n allows local users to bypass intended file access restrictions or\n cause a denial of service (infinite loop or JVM crash) by leveraging\n an untrusted web application (CVE-2011-2526).\n\n Certain AJP protocol connector implementations in Apache Tomcat allow\n remote attackers to spoof AJP requests, bypass authentication, and\n obtain sensitive information by causing the connector to interpret\n a request body as a new request (CVE-2011-3190).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:32", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2011-15005", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863609", "href": "http://plugins.openvas.org/nasl.php?oid=863609", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2011-15005\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. 
Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069006.html\");\n script_id(863609);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:52:51 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-15005\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-3190\", \"CVE-2011-2526\", \"CVE-2011-2204\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2011-15005\");\n\n script_summary(\"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.32~10.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:33", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2011:1845-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870525", "href": "http://plugins.openvas.org/nasl.php?oid=870525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2011:1845-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. 
As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00043.html\");\n script_id(870525);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:33:52 +0530 (Fri, 23 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:1845-01\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_name(\"RedHat Update for tomcat5 RHSA-2011:1845-01\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": 
"2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881269", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018337.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881269\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:14:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2011:1845\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. 
As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-02-21T00:59:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2011:1845-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2020-02-19T00:00:00", "id": "OPENVAS:1361412562310870525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2011:1845-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00043.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870525\");\n script_version(\"2020-02-19T15:17:22+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-19 15:17:22 +0000 (Wed, 19 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:33:52 +0530 (Fri, 23 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"RHSA\", value:\"2011:1845-01\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_name(\"RedHat Update for tomcat5 RHSA-2011:1845-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. 
As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:56:18", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:881269", "href": "http://plugins.openvas.org/nasl.php?oid=881269", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n \n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n \n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n \n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n \n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018337.html\");\n script_id(881269);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:14:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1845\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", 
rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:55:34", "description": "Check for 
the Version of tomcat5", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831472", "href": "http://plugins.openvas.org/nasl.php?oid=831472", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in tomcat\n 5.5.x:\n\n The implementation of HTTP DIGEST authentication in tomcat was\n discovered to have several weaknesses (CVE-2011-1184).\n \n Apache Tomcat, when the MemoryUserDatabase is used, creates log entries\n containing passwords upon encountering errors in JMX user creation,\n which allows local users to obtain sensitive information by reading\n a log file (CVE-2011-2204).\n \n Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP\n NIO connector, does not validate certain request attributes, which\n allows local users to bypass intended file access restrictions or\n cause a denial of service (infinite loop or JVM crash) by leveraging\n an untrusted web application (CVE-2011-2526).\n \n Certain AJP protocol connector implementations in Apache Tomcat allow\n remote attackers to spoof AJP requests, bypass authentication, and\n obtain sensitive information by causing the connector to interpret\n a request body as a new request (CVE-2011-3190).\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00032.php\");\n script_id(831472);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 
15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:156\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5)\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.3mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-09-23T15:14:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2011:1780-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2019-09-16T00:00:00", "id": "OPENVAS:1361412562310870651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870651", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2011:1780-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870651\");\n script_version(\"2019-09-16T06:54:58+0000\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 06:54:58 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:41:29 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1780-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2011:1780-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\n CVE-2011-2526 descriptions does not refer to APR provided by the apr\n packages. It refers to the implementation of APR provided by the Tomcat\n Native library, which provides support for using APR with Tomcat. This\n library is not shipped with Red Hat Enterprise Linux 6. This update\n includes fixes for users who have elected to use APR with Tomcat by taking\n the Tomcat Native library from a different product. Such a configuration is\n not supported by Red Hat, however.\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\n and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\n Protocol) connectors processed certain POST requests. An attacker could\n send a specially-crafted request that would cause the connector to treat\n the message body as a new request. This allows arbitrary AJP messages to be\n injected, possibly allowing an attacker to bypass a web application's\n authentication checks and gain access to information they would otherwise\n be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\n connector is used by default when the APR libraries are not present. The JK\n connector is not affected by this flaw. (CVE-2011-3190)\n\n A flaw was found in the Tomcat MemoryUserDatabase. 
If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n A flaw was found in the way Tomcat handled sendfile request attributes when\n using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\n application running on a Tomcat instance could use this flaw to bypass\n security manager restrictions and gain access to files it would otherwise\n be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n The HTTP blocking IO (BIO) connector, which is not vulnerable to this\n issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\n Red Hat would like to thank the Apache ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~35.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2011:1845 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881059", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881059", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:1845 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018336.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881059\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:34:35 +0530 (Fri, 23 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2011:1845\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:1845 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. 
As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-12-04T11:27:10", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1252-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 USN-1252-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-1184", "CVE-2011-3190"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840803", "href": "http://plugins.openvas.org/nasl.php?oid=840803", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1252_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for tomcat6 USN-1252-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly implemented HTTP DIGEST\n authentication. An attacker could use this flaw to perform a variety of\n authentication attacks. (CVE-2011-1184)\n\n Polina Genova discovered that Tomcat incorrectly created log entries with\n passwords when encountering errors during JMX user creation. A local\n attacker could possibly use this flaw to obtain sensitive information. This\n issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)\n \n It was discovered that Tomcat incorrectly validated certain request\n attributes when sendfile is enabled. A local attacker could bypass intended\n restrictions, or cause the JVM to crash, resulting in a denial of service.\n (CVE-2011-2526)\n \n It was discovered that Tomcat incorrectly handled certain AJP requests. A\n remote attacker could use this flaw to spoof requests, bypass\n authentication, and obtain sensitive information. This issue only affected\n Ubuntu 10.04 LTS, 10.10 and 11.04. 
(CVE-2011-3190)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1252-1\";\ntag_affected = \"tomcat6 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1252-1/\");\n script_id(840803);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:59:15 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1252-1\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n script_name(\"Ubuntu Update for tomcat6 USN-1252-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.5\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == 
\"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.9\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-10ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:03:50", "description": "This update fixes a regression in parameter passing (in\n urldecoding of parameters that contain spaces).\n\n In addition, multiple weaknesses in HTTP DIGESTS have been\n fixed (CVE-2011-1184):\n\n * CVE-2011-5062: The HTTP Digest Access Authentication\n implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x\n before 6.0.33 and 7.x before 7.0.12 does not check qop\n values, which might allow remote attackers to bypass\n intended integrity-protection requirements via a qop=auth\n value, a different vulnerability than CVE-2011-1184.\n * CVE-2011-5063: The HTTP Digest Access Authentication\n implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x\n before 6.0.33, and 7.x before 7.0.12 does not check realm\n values, which might allow remote attackers to bypass\n intended access restrictions by leveraging the availability\n of a protection space with weaker authentication or\n authorization requirements, a different vulnerability than\n CVE-2011-1184.\n * CVE-2011-5064: DigestAuthenticator.java in the HTTP\n Digest Access Authentication implementation in Apache\n Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x\n before 7.0.12 uses Catalina as the hard-coded server secret\n (aka private key), which makes it easier for remote\n attackers to bypass cryptographic protection mechanisms by\n leveraging 
knowledge of this string, a different\n vulnerability than CVE-2011-1184.\n", "cvss3": {}, "published": "2012-02-07T04:08:27", "type": "suse", "title": "Security update for tomcat6 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064"], "modified": "2012-02-07T04:08:27", "id": "SUSE-SU-2012:0155-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00002.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-04T11:40:16", "description": "This update fixes a regression in parameter passing (in\n urldecoding of parameters that contain spaces).\n\n In addition, multiple weaknesses in HTTP DIGESTS are fixed\n (CVE-2011-1184).\n\n\n CVE-2011-5062: The HTTP Digest Access Authentication\n implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x\n before 6.0.33 and 7.x before 7.0.12 does not check qop\n values, which might allow remote attackers to bypass\n intended integrity-protection requirements via a qop=auth\n value, a different vulnerability than CVE-2011-1184.\n\n CVE-2011-5063: The HTTP Digest Access Authentication\n implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x\n before 6.0.33, and 7.x before 7.0.12 does not check realm\n values, which might allow remote attackers to bypass\n intended access restrictions by leveraging the availability\n of a protection space with weaker authentication or\n authorization requirements, a different vulnerability than\n CVE-2011-1184.\n\n CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest\n Access Authentication implementation in Apache Tomcat 5.5.x\n before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12\n uses Catalina as the hard-coded server secret (aka private\n key), which makes it easier for remote attackers to bypass\n cryptographic protection mechanisms by leveraging knowledge\n of this string, a different vulnerability than\n 
CVE-2011-1184.\n\n", "cvss3": {}, "published": "2012-02-09T19:09:55", "type": "suse", "title": "tomcat6: Fix multiple weaknesses in HTTP DIGESTS (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064"], "modified": "2012-02-09T19:09:55", "id": "OPENSUSE-SU-2012:0208-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00006.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2021-10-19T20:36:47", "description": "JBoss Web Server is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment platform\nfor the JavaServer Pages (JSP) and Java Servlet technologies.\n\nMultiple flaws were found in the way JBoss Web Server handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web Server HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause JBoss Web Server to use an excessive amount of CPU time by sending an\nHTTP request with a large number of parameters whose names map to the same\nhash value. This update introduces a limit on the number of parameters and\nheaders processed per request to mitigate this issue. The default limit is\n512 for parameters and 128 for headers. These defaults can be changed by\nsetting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jboss-as/server/[PROFILE]/deploy/properties-service.xml\". 
(CVE-2011-4858)\n\nA flaw was found in the way JBoss Web Server handled sendfile request\nattributes when using the HTTP APR (Apache Portable Runtime) or NIO\n(Non-Blocking I/O) connector. A malicious web application running on a\nJBoss Web Server instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM).\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 4.3.0 CP10 as provided\nfrom the Red Hat Customer Portal are advised to install this update.", "cvss3": {}, "published": "2012-01-19T17:20:26", "type": "redhat", "title": "(RHSA-2012:0041) Moderate: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2019-02-20T12:33:14", "id": "RHSA-2012:0041", "href": "https://access.redhat.com/errata/RHSA-2012:0041", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-21T04:45:02", 
"description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat\nhost's work directory. As web applications deployed on Tomcat have read and\nwrite access to this directory, a malicious web application could use this\nflaw to trick Tomcat into giving it read and write access to an arbitrary\ndirectory on the file system. (CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. A malicious web\napplication could use this flaw to conduct an XSS attack, leading to\narbitrary web script execution with the privileges of victims who are\nlogged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2011-12-20T00:00:00", "type": "redhat", "title": "(RHSA-2011:1845) Moderate: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2017-09-08T07:49:30", "id": "RHSA-2011:1845", "href": "https://access.redhat.com/errata/RHSA-2011:1845", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T18:37:47", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the Tomcat\nNative library, which provides support for using APR with Tomcat. This\nlibrary is not shipped with Red Hat Enterprise Linux 6. This update\nincludes fixes for users who have elected to use APR with Tomcat by taking\nthe Tomcat Native library from a different product. Such a configuration is\nnot supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. 
These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when\nusing the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\napplication running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP blocking IO (BIO) connector, which is not vulnerable to this\nissue, is used by default in Red Hat Enterprise Linux 6. 
(CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting the\nCVE-2011-2526 issue.\n\nThis update also fixes the following bug:\n\n* Previously, in certain cases, if \"LANG=fr_FR\" or \"LANG=fr_FR.UTF-8\" was\nset as an environment variable or in \"/etc/sysconfig/tomcat6\" on 64-bit\nPowerPC systems, Tomcat may have failed to start correctly. With this\nupdate, Tomcat works as expected when LANG is set to \"fr_FR\" or\n\"fr_FR.UTF-8\". (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2011-12-05T00:00:00", "type": "redhat", "title": "(RHSA-2011:1780) Moderate: tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2018-06-06T16:24:22", "id": "RHSA-2011:1780", "href": "https://access.redhat.com/errata/RHSA-2011:1780", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:27", "description": "JBoss Web is a web container based on Apache Tomcat. It provides a single\ndeployment platform for the JavaServer Pages (JSP) and Java Servlet\ntechnologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. 
If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause JBoss Web to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters and\nheaders processed per request to mitigate this issue. The default limit is\n512 for parameters and 128 for headers. These defaults can be changed by\nsetting the \"-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x\" and\n\"-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x\" system properties\nas JAVA_OPTS entries in \"jboss-as-web/bin/run.conf\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. 
(CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). (CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"jboss-as-web/server/[PROFILE]/deploy/\" directory and any other\ncustomized configuration files.\n\nUsers of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,\n5, and 6 should upgrade to these updated packages, which correct these\nissues. 
The JBoss server process must be restarted for this update to take\neffect.\n", "cvss3": {}, "published": "2012-01-31T00:00:00", "type": "redhat", "title": "(RHSA-2012:0076) Important: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2018-06-06T22:39:14", "id": "RHSA-2012:0076", "href": "https://access.redhat.com/errata/RHSA-2012:0076", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T18:41:23", "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could use\nthis flaw to cause JBoss Web to use an excessive amount of CPU time by\nsending an HTTP request with a large number of parameters whose names map\nto the same hash value. 
This update introduces a limit on the number of\nparameters and headers processed per request to mitigate this issue. The\ndefault limit is 512 for parameters and 128 for headers. These defaults\ncan be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jboss-as/server/[PROFILE]/deploy/properties-service.xml\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). 
(CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.\n", "cvss3": {}, "published": "2012-01-31T00:00:00", "type": "redhat", "title": "(RHSA-2012:0074) Important: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2018-06-06T22:37:45", "id": "RHSA-2012:0074", "href": "https://access.redhat.com/errata/RHSA-2012:0074", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:36:26", "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. 
It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could use\nthis flaw to cause JBoss Web to use an excessive amount of CPU time by\nsending an HTTP request with a large number of parameters whose names map\nto the same hash value. This update introduces a limit on the number of\nparameters and headers processed per request to mitigate this issue. The\ndefault limit is 512 for parameters and 128 for headers. These defaults\ncan be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jboss-as/server/[PROFILE]/deploy/properties-service.xml\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. 
These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). (CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 as provided from\nthe Red Hat Customer Portal are advised to install this update.", "cvss3": {}, "published": "2012-01-31T22:54:32", "type": "redhat", "title": "(RHSA-2012:0075) Important: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", 
"CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2019-02-20T12:33:58", "id": "RHSA-2012:0075", "href": "https://access.redhat.com/errata/RHSA-2012:0075", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:37:45", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and\nJBPAPP-6133. It also resolves the following security issues:\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. 
(CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for parameters\nand 128 for headers. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat use\nan excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. 
A malicious\nweb application running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP NIO connector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nAll users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "cvss3": {}, "published": "2012-05-21T16:19:01", "type": "redhat", "title": "(RHSA-2012:0679) Moderate: tomcat5 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2019-02-20T12:33:40", "id": "RHSA-2012:0679", "href": "https://access.redhat.com/errata/RHSA-2012:0679", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:38:45", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. 
References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and\nJBPAPP-6133. It also resolves the following security issues:\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for parameters\nand 128 for headers. 
These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat use\nan excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious\nweb application running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP NIO connector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthese issues. 
Tomcat must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2012-05-21T00:00:00", "type": "redhat", "title": "(RHSA-2012:0680) Moderate: tomcat5 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2018-06-06T22:42:41", "id": "RHSA-2012:0680", "href": "https://access.redhat.com/errata/RHSA-2012:0680", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:38:14", "description": "Apache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. 
An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user's request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. A remote attacker could use this flaw to cause Tomcat to\nuse an excessive amount of CPU time by sending an HTTP request with a large\nnumber of parameters whose names map to the same hash value. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. 
This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user's password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. 
oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.", "cvss3": {}, "published": "2012-05-21T16:31:40", "type": "redhat", "title": "(RHSA-2012:0681) Moderate: tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2019-02-20T12:33:40", "id": "RHSA-2012:0681", "href": "https://access.redhat.com/errata/RHSA-2012:0681", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:57", "description": "Apache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. 
(CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user's request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. A remote attacker could use this flaw to cause Tomcat to\nuse an excessive amount of CPU time by sending an HTTP request with a large\nnumber of parameters whose names map to the same hash value. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. 
These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user's password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. 
oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n", "cvss3": {}, "published": "2012-05-21T00:00:00", "type": "redhat", "title": "(RHSA-2012:0682) Moderate: tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2018-06-06T22:42:41", "id": "RHSA-2012:0682", "href": "https://access.redhat.com/errata/RHSA-2012:0682", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:46:30", "description": "**CentOS Errata and Security Advisory** CESA-2011:1845\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat\nhost's work directory. As web applications deployed on Tomcat have read and\nwrite access to this directory, a malicious web application could use this\nflaw to trick Tomcat into giving it read and write access to an arbitrary\ndirectory on the file system. (CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. 
A malicious web\napplication could use this flaw to conduct an XSS attack, leading to\narbitrary web script execution with the privileges of victims who are\nlogged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-December/067811.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-December/067812.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:1845", "cvss3": {}, "published": "2011-12-20T19:18:57", "type": "centos", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2011-12-20T19:18:57", "id": "CESA-2011:1845", "href": "https://lists.centos.org/pipermail/centos-announce/2011-December/067811.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-01T04:46:33", "description": "**CentOS Errata and Security Advisory** CESA-2011:1780\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nAPR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and\nCVE-2011-2526 descriptions does not refer to APR provided by the apr\npackages. It refers to the implementation of APR provided by the Tomcat\nNative library, which provides support for using APR with Tomcat. This\nlibrary is not shipped with Red Hat Enterprise Linux 6. This update\nincludes fixes for users who have elected to use APR with Tomcat by taking\nthe Tomcat Native library from a different product. Such a configuration is\nnot supported by Red Hat, however.\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. 
This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when\nusing the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web\napplication running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP blocking IO (BIO) connector, which is not vulnerable to this\nissue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)\n\nRed Hat would like to thank the Apache Tomcat project for reporting the\nCVE-2011-2526 issue.\n\nThis update also fixes the following bug:\n\n* Previously, in certain cases, if \"LANG=fr_FR\" or \"LANG=fr_FR.UTF-8\" was\nset as an environment variable or in \"/etc/sysconfig/tomcat6\" on 64-bit\nPowerPC systems, Tomcat may have failed to start correctly. With this\nupdate, Tomcat works as expected when LANG is set to \"fr_FR\" or\n\"fr_FR.UTF-8\". (BZ#748807)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
Tomcat must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-December/067831.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:1780", "cvss3": {}, "published": "2011-12-22T16:00:12", "type": "centos", "title": "tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2011-12-22T16:00:12", "id": "CESA-2011:1780", "href": "https://lists.centos.org/pipermail/centos-announce/2011-December/067831.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "tomcat": [{"lastseen": "2021-12-30T15:23:03", "description": "**Moderate: Multiple weaknesses in HTTP DIGEST authentication** [CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>)\n\nNote: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: [CVE-2011-5062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062>), [CVE-2011-5063](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063>) and 
[CVE-2011-5064](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064>). The Apache Tomcat security team will continue to treat this as a single issue using the reference [CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>).\n\nThe implementation of HTTP DIGEST authentication was discovered to have several weaknesses: \n\n * replay attacks were permitted\n * server nonces were not checked\n * client nonce counts were not checked\n * qop values were not checked\n * realm values were not checked\n * the server secret was hard-coded to a known string\n\nThe result of these weaknesses is that DIGEST authentication was only as secure as BASIC authentication. \n\nThis was fixed in [revision 1158180](<https://svn.apache.org/viewvc?view=rev&rev=1158180>).\n\nThis was identified by the Tomcat security team on 16 March 2011 and made public on 26 September 2011.\n\nAffects: 6.0.0-6.0.32\n\n**Low: Information disclosure** [CVE-2011-2204](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>)\n\nWhen using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.\n\nThis was fixed in [revision 1140071](<https://svn.apache.org/viewvc?view=rev&rev=1140071>).\n\nThis was identified by Polina Genova on 14 June 2011 and made public on 27 June 2011.\n\nAffects: 6.0.0-6.0.32\n\n**Low: Information disclosure** [CVE-2011-2526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>)\n\nTomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. 
sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request attributes were not validated. When running under a security manager, this lack of validation allowed a malicious web application to do one or more of the following that would normally be prevented by a security manager: \n\n * return files to users that the security manager should make inaccessible\n * terminate (via a crash) the JVM\n\nAdditionally, these vulnerabilities only occur when all of the following are true:\n\n * untrusted web applications are being used\n * the SecurityManager is used to limit the untrusted web applications \n * the HTTP NIO or HTTP APR connector is used\n * sendfile is enabled for the connector (this is the default)\n\nThis was fixed in [revision 1146703](<https://svn.apache.org/viewvc?view=rev&rev=1146703>).\n\nThis was identified by the Tomcat security team on 7 July 2011 and made public on 13 July 2011.\n\nAffects: 6.0.0-6.0.32\n\n**Important: Information disclosure** [CVE-2011-2729](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729>)\n\nDue to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities allowing the application to access files and directories owned by superuser. This vulnerability only occurs when all of the following are true: \n\n * Tomcat is running on a Linux operating system\n * jsvc was compiled with libcap\n * -user parameter is used\n\nAffected Tomcat versions shipped with source files for jsvc that included this vulnerability. 
\n\nThis was fixed in [revision 1153824](<https://svn.apache.org/viewvc?view=rev&rev=1153824>).\n\nThis was identified by Wilfried Weissmann on 20 July 2011 and made public on 12 August 2011.\n\nAffects: 6.0.30-6.0.32", "cvss3": {}, "published": "2011-08-18T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 6.0.33", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2011-08-18T00:00:00", "id": "TOMCAT:069B7EBB4E58EC2D5411D908E561D693", "href": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.33", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-30T15:23:05", "description": "**Moderate: Multiple weaknesses in HTTP DIGEST authentication** [CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>)\n\nNote: Mitre elected to break this issue down into multiple issues and have allocated the following additional references to parts of this issue: [CVE-2011-5062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062>), [CVE-2011-5063](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063>) and [CVE-2011-5064](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064>). 
The Apache Tomcat security team will continue to treat this as a single issue using the reference [CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>).\n\nThe implementation of HTTP DIGEST authentication was discovered to have several weaknesses:\n\n * replay attacks were permitted\n * server nonces were not checked\n * client nonce counts were not checked\n * qop values were not checked\n * realm values were not checked\n * the server secret was hard-coded to a known string\n\nThe result of these weaknesses is that DIGEST authentication was only as secure as BASIC authentication. \n\nThis was fixed in [revision 1159309](<https://svn.apache.org/viewvc?view=rev&rev=1159309>).\n\nThis was identified by the Tomcat security team on 16 March 2011 and made public on 26 September 2011.\n\nAffects: 5.5.0-5.5.33\n\n**Low: Information disclosure** [CVE-2011-2204](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>)\n\nWhen using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.\n\nThis was fixed in [revision 1140072](<https://svn.apache.org/viewvc?view=rev&rev=1140072>).\n\nThis was identified by Polina Genova on 14 June 2011 and made public on 27 June 2011.\n\nAffects: 5.5.0-5.5.33\n\n**Low: Information disclosure** [CVE-2011-2526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>)\n\nTomcat provides support for sendfile with the HTTP APR connector. 
sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request attributes were not validated. When running under a security manager, this lack of validation allowed a malicious web application to do one or more of the following that would normally be prevented by a security manager: \n\n * return files to users that the security manager should make inaccessible\n * terminate (via a crash) the JVM\n\nAdditionally, these vulnerabilities only occur when all of the following are true:\n\n * untrusted web applications are being used\n * the SecurityManager is used to limit the untrusted web applications \n * the HTTP APR connector is used\n * sendfile is enabled for the connector (this is the default)\n\nThis was fixed in [revision 1158244](<https://svn.apache.org/viewvc?view=rev&rev=1158244>).\n\nThis was identified by the Tomcat security team on 7 July 2011 and made public on 13 July 2011.\n\nAffects: 5.5.0-5.5.33\n\n**Important: Information disclosure** [CVE-2011-2729](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729>)\n\nDue to a bug in the capabilities code, jsvc (the service wrapper for Linux that is part of the Commons Daemon project) does not drop capabilities allowing the application to access files and directories owned by superuser. This vulnerability only occurs when all of the following are true: \n\n * Tomcat is running on a Linux operating system\n * jsvc was compiled with libcap\n * -user parameter is used\n\nAffected Tomcat versions shipped with source files for jsvc that included this vulnerability. 
\n\nThis was fixed in [revision 1159346](<https://svn.apache.org/viewvc?view=rev&rev=1159346>).\n\nThis was identified by Wilfried Weissmann on 20 July 2011 and made public on 12 August 2011.\n\nAffects: 5.5.32-5.5.33\n\n**Important: Authentication bypass and information disclosure** [CVE-2011-3190](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>)\n\nApache Tomcat supports the AJP protocol which is used with reverse proxies to pass requests and associated data about the request from the reverse proxy to Tomcat. The AJP protocol is designed so that when a request includes a request body, an unsolicited AJP message is sent to Tomcat that includes the first part (or possibly all) of the request body. In certain circumstances, Tomcat did not process this message as a request body but as a new request. This permitted an attacker to have full control over the AJP message permitting authentication bypass and information disclosure. This vulnerability only occurs when all of the following are true: \n\n * The org.apache.jk.server.JkCoyoteHandler AJP connector is not used \n * POST requests are accepted\n * The request body is not processed\n\nThis was fixed in [revision 1162960](<https://svn.apache.org/viewvc?view=rev&rev=1162960>).\n\nThis was reported publicly on 20th August 2011.\n\nAffects: 5.5.0-5.5.33\n\nMitigation options:\n\n * Upgrade to Tomcat 5.5.34.\n * Apply the appropriate [patch](<https://svn.apache.org/viewvc?view=rev&rev=1162960>).\n * Configure both Tomcat and the reverse proxy to use a shared secret. \n(It is \"`request.secret`\" attribute in AJP <Connector>, \"`worker._workername_.secret`\" directive for mod_jk. The mod_proxy_ajp module currently does not support shared secrets). \n * Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector implementation. \n(It is automatically selected if you do not have Tomcat-Native library installed. 
It can be also selected explicitly: `<Connector protocol=\"org.apache.jk.server.JkCoyoteHandler\">`). \n\nReferences:\n\n * AJP Connector documentation (Tomcat 5.5)\n * workers.properties configuration (mod_jk)", "cvss3": {}, "published": "2011-09-22T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 5.5.34", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2011-09-22T00:00:00", "id": "TOMCAT:849CF1402BC4CAFABDA4ED36FA85F4FA", "href": "https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.34", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T15:23:03", "description": "**Important: Security constraint bypass** [CVE-2011-1582](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582>)\n\nAn error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security constraints configured via annotations were ignored on the first request to a Servlet. 
Subsequent requests were secured correctly.\n\nThis was fixed in [revision 1100832](<https://svn.apache.org/viewvc?view=rev&rev=1100832>).\n\nThis was identified by the Tomcat security team on 13 April 2011 and made public on 17 May 2011.\n\nAffects: 7.0.12-7.0.13", "cvss3": {}, "published": "2011-05-12T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 7.0.14", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1582"], "modified": "2011-05-12T00:00:00", "id": "TOMCAT:205164F0DDE6E8C98A7D7D1A06B0C529", "href": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.14", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T15:23:03", "description": "**Important: Security constraint bypass** [CVE-2011-1088](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1088>)\n\nWhen a web application was started, `ServletSecurity` annotations were ignored. This meant that some areas of the application may not have been protected as expected. 
This was partially fixed in Apache Tomcat 7.0.10 and fully fixed in 7.0.11.\n\nThis was fixed in revisions [1076586](<https://svn.apache.org/viewvc?view=rev&rev=1076586>), [1076587](<https://svn.apache.org/viewvc?view=rev&rev=1076587>), [1077995](<https://svn.apache.org/viewvc?view=rev&rev=1077995>) and [1079752](<https://svn.apache.org/viewvc?view=rev&rev=1079752>).\n\nThis was reported publicly on the Tomcat users mailing list on 2 Mar 2011.\n\nAffects: 7.0.0-7.0.10", "cvss3": {}, "published": "2011-03-11T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 7.0.11", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088"], "modified": "2011-03-11T00:00:00", "id": "TOMCAT:83FB108AC25AD4A30E9D398A8B370AB9", "href": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.11", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:07", "description": "[0:5.5.23-0jpp.22]\n- Resolves: CVE-2011-0013 rhbz 675931\n- Resolves: CVE-2010-3718 rhbz 675931\n- Resolves: CVE-2011-1184 rhbz 744983\n- Resolves: CVE-2011-2204 rhbz 719181", "cvss3": {}, "published": "2011-12-20T00:00:00", "type": "oraclelinux", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-3718", "CVE-2011-5064"], "modified": "2011-12-20T00:00:00", "id": "ELSA-2011-1845", "href": "http://linux.oracle.com/errata/ELSA-2011-1845.html", 
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:29", "description": "[0:6.0.24-35]\n- Resolves: cve-2011-3190\n- Resolves: cve-2011-2204\n- Resolves: cve-2011-2526\n- Resolves: cve-2011-1184\n- Resolves: rhbz 748807 - tomcat6 broken when LANG=fr", "cvss3": {}, "published": "2011-12-05T00:00:00", "type": "oraclelinux", "title": "tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-5064", "CVE-2011-3190"], "modified": "2011-12-05T00:00:00", "id": "ELSA-2011-1780", "href": "http://linux.oracle.com/errata/ELSA-2011-1780.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:20", "description": "[0:5.5.23-0jpp.31]\n- Resolves: CVE-2012 regression. Changed patch file.\n[0:5.5.23-0jpp.30]\n- Resolves: CVE-2012-0022, CVE-2011-4858\n[0:5.5.23-0jpp.27]\n- Resolves CVE-2011-0013 rhbz 675933\n- Resolves CVE-2011-3718 rhbz 675933\n[0:5.5.23-0jpp.23]\n- Resolves CVE-2011-1184 rhbz 744984\n- Resolves CVE-2011-2204 rhbz 719188", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "oraclelinux", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-1184", "CVE-2011-3718"], "modified": "2012-04-11T00:00:00", "id": "ELSA-2012-0474", "href": "http://linux.oracle.com/errata/ELSA-2012-0474.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:31:21", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x\nbefore 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop\nvalues, which might allow remote attackers to bypass intended\nintegrity-protection requirements via a qop=auth value, a different\nvulnerability than CVE-2011-1184.", "cvss3": 
{}, "published": "2012-01-14T00:00:00", "type": "ubuntucve", "title": "CVE-2011-5062", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5062"], "modified": "2012-01-14T00:00:00", "id": "UB:CVE-2011-5062", "href": "https://ubuntu.com/security/CVE-2011-5062", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:31:22", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x\nbefore 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check\nrealm values, which might allow remote attackers to bypass intended access\nrestrictions by leveraging the availability of a protection space with\nweaker authentication or authorization requirements, a different\nvulnerability than CVE-2011-1184.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | MITRE split this out from CVE-2011-1184.\n", "cvss3": {}, "published": "2012-01-14T00:00:00", "type": "ubuntucve", "title": "CVE-2011-5063", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2011-1184", "CVE-2011-5063"], "modified": "2012-01-14T00:00:00", "id": "UB:CVE-2011-5063", "href": "https://ubuntu.com/security/CVE-2011-5063", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:31:22", "description": "DigestAuthenticator.java in the HTTP Digest Access Authentication\nimplementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and\n7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka\nprivate key), which makes it easier for remote attackers to bypass\ncryptographic protection mechanisms by leveraging knowledge of this string,\na different vulnerability than CVE-2011-1184.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | MITRE split this out from CVE-2011-1184.\n", "cvss3": {}, "published": "2012-01-14T00:00:00", "type": "ubuntucve", "title": "CVE-2011-5064", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5064"], "modified": "2012-01-14T00:00:00", "id": "UB:CVE-2011-5064", "href": "https://ubuntu.com/security/CVE-2011-5064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:33:55", "description": "Apache Tomcat 7.0.11, when web.xml has no login configuration, does not\nfollow security constraints, which allows remote attackers to bypass\nintended access restrictions via HTTP requests to a meta-data complete web\napplication. 
NOTE: this vulnerability exists because of an incorrect fix\nfor CVE-2011-1088 and CVE-2011-1419.", "cvss3": {}, "published": "2011-04-08T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1183", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1419"], "modified": "2011-04-08T00:00:00", "id": "UB:CVE-2011-1183", "href": "https://ubuntu.com/security/CVE-2011-1183", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-08-04T14:33:33", "description": "Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet\nwithout following security constraints that have been configured through\nannotations, which allows remote attackers to bypass intended access\nrestrictions via HTTP requests. 
NOTE: this vulnerability exists because of\nan incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.", "cvss3": {}, "published": "2011-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1582", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1419", "CVE-2011-1582"], "modified": "2011-05-20T00:00:00", "id": "UB:CVE-2011-1582", "href": "https://ubuntu.com/security/CVE-2011-1582", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:33:55", "description": "The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not\nproperly handle HTTP pipelining, which allows remote attackers to read\nresponses intended for other clients in opportunistic circumstances by\nexamining the application data in HTTP packets, related to \"a mix-up of\nresponses for requests from different users.\"", "cvss3": {}, "published": "2011-04-08T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1475", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1475"], "modified": 
"2011-04-08T00:00:00", "id": "UB:CVE-2011-1475", "href": "https://ubuntu.com/security/CVE-2011-1475", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:32:23", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x\nbefore 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the\nexpected countermeasures against replay attacks, which makes it easier for\nremote attackers to bypass intended access restrictions by sniffing the\nnetwork for valid requests, related to lack of checking of nonce (aka\nserver nonce) and nc (aka nonce-count or client nonce count) values.", "cvss3": {}, "published": "2011-09-26T00:00:00", "type": "ubuntucve", "title": "CVE-2011-1184", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2011-09-26T00:00:00", "id": "UB:CVE-2011-1184", "href": "https://ubuntu.com/security/CVE-2011-1184", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:27:35", "description": "The replay-countermeasure functionality in the HTTP Digest Access\nAuthentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x\nbefore 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce)\nvalues instead of nonce (aka server nonce) and nc (aka nonce-count) values,\nwhich makes it easier for remote attackers to bypass intended access\nrestrictions by sniffing the network for valid requests, a different\nvulnerability than CVE-2011-1184.\n\n#### 
Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This was originally called CVE-2012-3439\n", "cvss3": {}, "published": "2012-11-17T00:00:00", "type": "ubuntucve", "title": "CVE-2012-5885", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2012-3439", "CVE-2012-5885"], "modified": "2012-11-17T00:00:00", "id": "UB:CVE-2012-5885", "href": "https://ubuntu.com/security/CVE-2012-5885", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2022-03-17T19:33:48", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2012-01-14T21:55:00", "type": "debiancve", "title": "CVE-2011-5062", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5062"], 
"modified": "2012-01-14T21:55:00", "id": "DEBIANCVE:CVE-2011-5062", "href": "https://security-tracker.debian.org/tracker/CVE-2011-5062", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-17T19:33:48", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2012-01-14T21:55:00", "type": "debiancve", "title": "CVE-2011-5063", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5063"], "modified": "2012-01-14T21:55:00", "id": "DEBIANCVE:CVE-2011-5063", "href": "https://security-tracker.debian.org/tracker/CVE-2011-5063", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-17T19:33:48", "description": "DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2012-01-14T21:55:00", 
"type": "debiancve", "title": "CVE-2011-5064", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5064"], "modified": "2012-01-14T21:55:00", "id": "DEBIANCVE:CVE-2011-5064", "href": "https://security-tracker.debian.org/tracker/CVE-2011-5064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-14T17:53:19", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.", "cvss3": {}, "published": "2012-01-14T21:55:00", "type": "debiancve", "title": "CVE-2011-1184", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2012-01-14T21:55:00", "id": "DEBIANCVE:CVE-2011-1184", "href": 
"https://security-tracker.debian.org/tracker/CVE-2011-1184", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-17T19:33:48", "description": "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2012-11-17T19:55:00", "type": "debiancve", "title": "CVE-2012-5885", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2012-5885"], "modified": "2012-11-17T19:55:00", "id": "DEBIANCVE:CVE-2012-5885", "href": "https://security-tracker.debian.org/tracker/CVE-2012-5885", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "osv": [{"lastseen": "2022-07-13T19:59:54", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.", "edition": 1, "cvss3": {}, "published": "2022-05-14T01:17:03", "type": "osv", "title": "Improper Authentication in Apache Tomcat", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5062", "CVE-2011-1184"], "modified": "2022-07-13T18:27:31", "id": "OSV:GHSA-4F7H-9J2X-CMR4", "href": "https://osv.dev/vulnerability/GHSA-4f7h-9j2x-cmr4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-13T19:59:54", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.", "edition": 1, "cvss3": {}, "published": "2022-05-14T01:17:03", "type": "osv", "title": "Improper Authentication in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5063", "CVE-2011-1184"], "modified": "2022-07-13T18:29:02", "id": "OSV:GHSA-HFFM-FQV4-W27R", "href": "https://osv.dev/vulnerability/GHSA-hffm-fqv4-w27r", 
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-13T19:59:52", "description": "DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.", "edition": 1, "cvss3": {}, "published": "2022-05-14T01:17:03", "type": "osv", "title": "Use of Hard-coded Cryptographic Key in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5064"], "modified": "2022-07-13T18:30:02", "id": "OSV:GHSA-6CR4-7C7P-P3XV", "href": "https://osv.dev/vulnerability/GHSA-6cr4-7c7p-p3xv", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-21T08:30:58", "description": "\nSeveral vulnerabilities have been found in Tomcat, a servlet and JSP\nengine:\n\n\n* [CVE-2011-1184](https://security-tracker.debian.org/tracker/CVE-2011-1184) [CVE-2011-5062](https://security-tracker.debian.org/tracker/CVE-2011-5062) [CVE-2011-5063](https://security-tracker.debian.org/tracker/CVE-2011-5063) [CVE-2011-5064](https://security-tracker.debian.org/tracker/CVE-2011-5064)\nThe HTTP Digest Access Authentication implementation performed\n insufficient countermeasures against replay attacks.\n* 
[CVE-2011-2204](https://security-tracker.debian.org/tracker/CVE-2011-2204)\nIn rare setups passwords were written into a logfile.\n* [CVE-2011-2526](https://security-tracker.debian.org/tracker/CVE-2011-2526)\nMissing input sanitising in the HTTP APR or HTTP NIO connectors\n could lead to denial of service.\n* [CVE-2011-3190](https://security-tracker.debian.org/tracker/CVE-2011-3190)\nAJP requests could be spoofed in some setups.\n* [CVE-2011-3375](https://security-tracker.debian.org/tracker/CVE-2011-3375)\nIncorrect request caching could lead to information disclosure.\n* [CVE-2011-4858](https://security-tracker.debian.org/tracker/CVE-2011-4858) [CVE-2012-0022](https://security-tracker.debian.org/tracker/CVE-2012-0022)\nThis update adds countermeasures against a collision denial of\n service vulnerability in the Java hashtable implementation and\n addresses denial of service potentials when processing large\n amounts of requests.\n\n\nAdditional information can be\nfound at \n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.\n\n\nWe recommend that you upgrade your tomcat6 packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2012-02-02T00:00:00", "type": "osv", "title": "tomcat6 - several", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", 
"CVE-2011-3375", "CVE-2011-5064", "CVE-2011-3190"], "modified": "2022-07-21T05:47:37", "id": "OSV:DSA-2401-1", "href": "https://osv.dev/vulnerability/DSA-2401-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T19:59:55", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.", "edition": 1, "cvss3": {}, "published": "2022-05-14T01:17:02", "type": "osv", "title": "Authentication Bypass in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2022-07-13T17:16:01", "id": "OSV:GHSA-Q9XF-JWR4-V445", "href": "https://osv.dev/vulnerability/GHSA-q9xf-jwr4-v445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-13T02:19:13", "description": "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by 
sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", "edition": 1, "cvss3": {}, "published": "2022-05-17T00:57:35", "type": "osv", "title": "Improper Access Control in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2012-5885"], "modified": "2022-07-12T22:16:48", "id": "OSV:GHSA-99RF-92V6-CWX4", "href": "https://osv.dev/vulnerability/GHSA-99rf-92v6-cwx4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "github": [{"lastseen": "2023-01-27T05:06:55", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2022-05-14T01:17:03", "type": "github", "title": "Improper Authentication in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", 
"CVE-2011-5062"], "modified": "2023-01-27T05:02:13", "id": "GHSA-4F7H-9J2X-CMR4", "href": "https://github.com/advisories/GHSA-4f7h-9j2x-cmr4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T05:06:55", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2022-05-14T01:17:03", "type": "github", "title": "Improper Authentication in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5063"], "modified": "2023-01-27T05:02:13", "id": "GHSA-HFFM-FQV4-W27R", "href": "https://github.com/advisories/GHSA-hffm-fqv4-w27r", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T05:06:55", "description": "DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": 
"2022-05-14T01:17:03", "type": "github", "title": "Use of Hard-coded Cryptographic Key in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5064"], "modified": "2023-01-27T05:02:24", "id": "GHSA-6CR4-7C7P-P3XV", "href": "https://github.com/advisories/GHSA-6cr4-7c7p-p3xv", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T05:06:55", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.", "cvss3": {}, "published": "2022-05-14T01:17:02", "type": "github", "title": "Authentication Bypass in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], 
"modified": "2023-01-27T05:02:13", "id": "GHSA-Q9XF-JWR4-V445", "href": "https://github.com/advisories/GHSA-q9xf-jwr4-v445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T05:06:52", "description": "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2022-05-17T00:57:35", "type": "github", "title": "Improper Access Control in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2012-5885"], "modified": "2023-01-27T05:02:35", "id": "GHSA-99RF-92V6-CWX4", "href": "https://github.com/advisories/GHSA-99rf-92v6-cwx4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:54:30", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2012-01-14T21:55:00", "type": 
"cve", "title": "CVE-2011-5062", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5062"], "modified": "2019-03-25T11:33:00", "id": "CVE-2011-5062", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5062", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, 
{"lastseen": "2022-03-23T12:54:29", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2012-01-14T21:55:00", "type": "cve", "title": "CVE-2011-5063", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", 
"CVE-2011-5063"], "modified": "2019-03-25T11:33:00", "cpe": ["cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:5.5.17", 
"cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:5.5.3"], "id": "CVE-2011-5063", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5063", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:54:31", "description": "DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2012-01-14T21:55:00", "type": "cve", "title": "CVE-2011-5064", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-5064"], "modified": "2019-03-25T11:33:00", "cpe": ["cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.24", 
"cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:5.5.3"], "id": "CVE-2011-5064", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:49:06", "description": "Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.", "cvss3": {}, "published": "2011-04-08T15:17:00", "type": "cve", "title": "CVE-2011-1183", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1419"], "modified": "2018-10-09T19:30:00", "cpe": ["cpe:/a:apache:tomcat:7.0.11"], "id": "CVE-2011-1183", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1183", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:56:02", "description": "Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.", "cvss3": {}, "published": "2011-05-20T22:55:00", "type": "cve", "title": "CVE-2011-1582", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1419", "CVE-2011-1582"], "modified": "2018-10-09T19:31:00", "cpe": ["cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:7.0.13"], "id": "CVE-2011-1582", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1582", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:53:57", "description": "The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to \"a mix-up of responses for requests from different users.\"", "cvss3": {}, "published": "2011-04-08T15:17:00", "type": "cve", "title": "CVE-2011-1475", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 
5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1475"], "modified": "2017-09-19T01:32:00", "cpe": ["cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.1"], "id": "CVE-2011-1475", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1475", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:47:00", "description": "Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.", "cvss3": {}, "published": "2011-03-14T19:55:00", "type": "cve", "title": "CVE-2011-1088", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088"], "modified": "2018-10-09T19:30:00", "cpe": ["cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.1"], "id": "CVE-2011-1088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1088", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:49:07", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.", "cvss3": {}, "published": "2012-01-14T21:55:00", "type": "cve", "title": "CVE-2011-1184", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2019-03-25T11:33:00", "cpe": ["cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:6.0.10", 
"cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:5.5.3"], "id": "CVE-2011-1184", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1184", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:52:59", "description": "Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.", "cvss3": {}, "published": "2011-03-14T19:55:00", "type": "cve", "title": "CVE-2011-1419", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1419"], "modified": "2017-08-17T01:34:00", "cpe": ["cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.1"], "id": "CVE-2011-1419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1419", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:29:14", "description": "The replay-countermeasure functionality in the HTTP Digest Access Authentication 
implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", "cvss3": {}, "published": "2012-11-17T19:55:00", "type": "cve", "title": "CVE-2012-5885", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2012-5885"], "modified": "2017-09-19T01:35:00", "id": "CVE-2012-5885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5885", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-10-22T00:04:24", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2401-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 02, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 \n CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 \n CVE-2011-5064 CVE-2012-0022 \n\nSeveral 
vulnerabilities have been found in Tomcat, a servlet and JSP \nengine:\n\nCVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n\n The HTTP Digest Access Authentication implementation performed\n insufficient countermeasures against replay attacks.\n\nCVE-2011-2204\n\n In rare setups passwords were written into a logfile.\n\nCVE-2011-2526\n \n Missing input sanitising in the HTTP APR or HTTP NIO connectors\n could lead to denial of service.\n\nCVE-2011-3190\n\n AJP requests could be spoofed in some setups.\n\nCVE-2011-3375\n\n Incorrect request caching could lead to information disclosure.\n\nCVE-2011-4858 CVE-2012-0022\n\n This update adds countermeasures against a collision denial of \n service vulnerability in the Java hashtable implementation and\n addresses denial of service potentials when processing large\n amounts of requests.\n\nAdditional information can be \nfound at http://tomcat.apache.org/security-6.html \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-02-02T19:29:50", "type": "debian", "title": "[SECURITY] [DSA 2401-1] tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2012-02-02T19:29:50", "id": "DEBIAN:DSA-2401-1:5C59D", "href": "https://lists.debian.org/debian-security-announce/2012/msg00025.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:14:41", "description": "@ServletSecurity parameters are ignored.", "edition": 2, "cvss3": {}, "published": "2011-05-17T00:00:00", "type": "securityvulns", "title": "Apache Tomcat protection bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1582"], "modified": "2011-05-17T00:00:00", "id": "SECURITYVULNS:VULN:11503", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11503", "sourceData": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:40", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2011-1582 Apache Tomcat security constraint bypass\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.12-7.0.13\r\n- - Earlier versions are not affected\r\n\r\nDescription:\r\nAn error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that\r\nsecurity constraints configured via annotations 
were ignored on the\r\nfirst request to a Servlet. Subsequent requests were secured correctly.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- - Upgrade to a Tomcat 7.0.14 or later\r\n- - Define all security constraints in web.xml\r\n\r\nCredit:\r\nThis issue was identified by the Apache Tomcat security team.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\n", "edition": 1, "cvss3": {}, "published": "2011-05-17T00:00:00", "title": "[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1582"], "modified": "2011-05-17T00:00:00", "id": "SECURITYVULNS:DOC:26374", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26374", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T19:14:42", "description": "Under some conditions, information may be sent to wrong client.", "edition": 2, "cvss3": {}, "published": "2011-04-13T00:00:00", "type": "securityvulns", "title": "Apache Tomcat information leakage", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1475"], "modified": "2011-04-13T00:00:00", "id": "SECURITYVULNS:VULN:11584", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11584", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:39", "description": "CVE-2011-1475 Apache Tomcat information disclosure\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- Tomcat 7.0.0 to 7.0.11\r\n- Earlier versions are not affected\r\n\r\nDescription:\r\nChanges introduced to the HTTP BIO connector to support Servlet 3.0\r\nasynchronous requests did not fully account for HTTP pipelining. 
As a\r\nresult, when using HTTP pipelining a range of unexpected behaviours\r\noccurred including the mixing up of responses between requests. While\r\nthe mix-up in responses was only observed between requests from the same\r\nuser, a mix-up of responses for requests from different users may also\r\nbe possible.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- Upgrade to a Tomcat 7.0.12 or later\r\n- Switch to the NIO or APR/native HTTP connectors that do not exhibit\r\nthis issue\r\n\r\nCredit:\r\nThis issue was identified by Brad Piles and reported via the public ASF\r\nBugzilla issue tracking system.\r\nThe Apache Tomcat security team requests that security vulnerability\r\nreports are made privately to security@tomcat.apache.org in the first\r\ninstance.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html", "edition": 1, "cvss3": {}, "published": "2011-04-13T00:00:00", "title": "[SECURITY] CVE-2011-1475 Apache Tomcat information disclosure", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1475"], "modified": "2011-04-13T00:00:00", "id": "SECURITYVULNS:DOC:26119", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26119", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:39", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2011-1088 Apache Tomcat security 
constraint bypass\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.10\r\n- - Earlier versions are not affected\r\n\r\nDescription:\r\nWhen a web application was started, @ServletSecurity annotations were\r\nignored. This meant that some areas of the application may not have been\r\nprotected as expected.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- - Upgrade to a Tomcat version where this issue is fixed\r\n- - Define security constraints via an alternative mechanism such as web.xml\r\n\r\nCredit:\r\nThis issue was reported publicly on the Tomcat users mailing list.\r\nThe Apache Tomcat security requests that security vulnerability reports\r\nare made privately to security@tomcat.apache.org in the first instance.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\n", "edition": 1, "cvss3": {}, "published": "2011-03-15T00:00:00", "type": 
"securityvulns", "title": "[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1088"], "modified": "2011-03-15T00:00:00", "id": "SECURITYVULNS:DOC:25932", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25932", "sourceData": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST\r\nauthentication\r\n\r\nSeverity: Moderate\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.11\r\n- - Tomcat 6.0.0 to 6.0.32\r\n- - Tomcat 5.5.0 to 5.5.33\r\n- - Earlier, unsupported versions may also be affected\r\n\r\nDescription:\r\nThe implementation of HTTP DIGEST authentication was discovered to\r\nhave several weaknesses:\r\n- - replay attacks were permitted\r\n- - server nonces were not checked\r\n- - client nonce counts were not checked\r\n- - qop values were not checked\r\n- - realm values were not checked\r\n- - the server secret was hard-coded to a known string\r\nThe result of these weaknesses is that DIGEST authentication was only\r\nas secure as BASIC authentication.\r\n\r\nMitigation:\r\nUsers of Tomcat 7.0.x should upgrade to 7.0.12 or later\r\nUsers of Tomcat 6.0.x should upgrade to 6.0.33 or later\r\nUsers of Tomcat 5.5.x should upgrade to 5.5.34 or 
later\r\n\r\nCredit:\r\nThis issue was identified by the Apache Tomcat security team\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\nhttp://tomcat.apache.org/security-5.html\r\n", "edition": 1, "cvss3": {}, "published": "2011-09-26T00:00:00", "title": "[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2011-09-26T00:00:00", "id": 
"SECURITYVULNS:DOC:27069", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27069", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-06-08T19:14:41", "description": "Multiple implementation errors make authentication vulnerable to different attacks.", "edition": 2, "cvss3": {}, "published": "2011-09-26T00:00:00", "type": "securityvulns", "title": "Apache Tomcat digest authentication vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2011-09-26T00:00:00", "id": "SECURITYVULNS:VULN:11927", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11927", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. 
", "cvss3": {}, "published": "2012-08-09T23:11:34", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: tomcat6-6.0.35-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1138", "CVE-2011-1183", "CVE-2011-1184"], "modified": "2012-08-09T23:11:34", "id": "FEDORA:5CE3221275", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QJOBAOSYARL6SMDO4GW3VUYPDWH45TY7/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. 
", "cvss3": {}, "published": "2011-11-10T17:33:27", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "modified": "2011-11-10T17:33:27", "id": "FEDORA:7A2FA214FF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ADOCXEICKCMBQ5GLD3ST42YGFBAAOR55/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:05:59", "description": "CVE ID: CVE-2011-1088\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nApache Tomcat\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728"@ServletSecurity" \u6ce8\u91ca\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3002\r\n\r\n\u7531\u4e8e\u5e94\u7528\u7a0b\u5e8f\u5728\u52a0\u8f7d\u5c0f\u670d\u52a1\u7a0b\u5e8f\u65f6\u672a\u80fd\u6b63\u786e\u6267\u884c"@ServletSecurity" \u6ce8\u91ca\uff0c\u53ef\u901a\u8fc7\u7ed5\u8fc7\u6ce8\u91ca\u6307\u5b9a\u7684\u5b89\u5168\u9650\u5236\u5e76\u6cc4\u9732\u67d0\u4e9b\u4fe1\u606f\u3002\n\nApache Group Tomcat 7.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache 
Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://jakarta.apache.org/tomcat/index.html", "cvss3": {}, "published": "2011-03-14T00:00:00", "title": "Apache Tomcat "@ServletSecurity" \u6ce8\u91ca\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2011-1088"], "modified": "2011-03-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20364", "id": "SSV:20364", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2022-01-17T19:12:44", "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server\u2019s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.35\"\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.23\"", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 4.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2012-06-24T00:00:00", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], 
"modified": "2016-03-20T00:00:00", "id": "GLSA-201206-24", "href": "https://security.gentoo.org/glsa/201206-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2022-11-01T21:39:04", "description": "**Issue Overview:**\n\nCertain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. \n\nThe HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.\n\nApache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.\n\n \n**Affected Packages:** \n\n\ntomcat6\n\n \n**Issue Correction:** \nRun _yum update tomcat6_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 tomcat6-el-2.1-api-6.0.33-1.26.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-javadoc-6.0.33-1.26.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-lib-6.0.33-1.26.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-admin-webapps-6.0.33-1.26.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-servlet-2.5-api-6.0.33-1.26.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-6.0.33-1.26.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-jsp-2.1-api-6.0.33-1.26.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-webapps-6.0.33-1.26.amzn1.noarch 
\n \u00a0\u00a0\u00a0 tomcat6-docs-webapp-6.0.33-1.26.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 tomcat6-6.0.33-1.26.amzn1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2011-1184](<https://access.redhat.com/security/cve/CVE-2011-1184>), [CVE-2011-2204](<https://access.redhat.com/security/cve/CVE-2011-2204>), [CVE-2011-3190](<https://access.redhat.com/security/cve/CVE-2011-3190>)\n\nMitre: [CVE-2011-1184](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>), [CVE-2011-2204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>), [CVE-2011-3190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>)\n", "cvss3": {}, "published": "2011-12-02T22:21:00", "type": "amazon", "title": "Important: tomcat6", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-3190"], "modified": "2014-09-14T15:04:00", "id": "ALAS-2011-025", "href": "https://alas.aws.amazon.com/ALAS-2011-25.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2019-05-08T20:21:11", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable 
component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications 
regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {}, "published": "2017-10-12T00:09:00", "type": "f5", "title": "Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5887", "CVE-2011-1184", "CVE-2012-5886", "CVE-2012-5885"], "modified": "2017-10-12T00:09:00", "id": "F5:K54891070", "href": "https://support.f5.com/csp/article/K54891070", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2023-01-26T13:38:13", "description": "## Releases\n\n * Ubuntu 11.10 \n * Ubuntu 11.04 \n * Ubuntu 10.10 \n * Ubuntu 10.04 \n\n## Packages\n\n * tomcat6 \\- Servlet and JSP engine\n\nIt was discovered that Tomcat incorrectly implemented HTTP DIGEST \nauthentication. An attacker could use this flaw to perform a variety of \nauthentication attacks. (CVE-2011-1184)\n\nPolina Genova discovered that Tomcat incorrectly created log entries with \npasswords when encountering errors during JMX user creation. A local \nattacker could possibly use this flaw to obtain sensitive information. 
This \nissue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-2204)\n\nIt was discovered that Tomcat incorrectly validated certain request \nattributes when sendfile is enabled. A local attacker could bypass intended \nrestrictions, or cause the JVM to crash, resulting in a denial of service. \n(CVE-2011-2526)\n\nIt was discovered that Tomcat incorrectly handled certain AJP requests. A \nremote attacker could use this flaw to spoof requests, bypass \nauthentication, and obtain sensitive information. This issue only affected \nUbuntu 10.04 LTS, 10.10 and 11.04. (CVE-2011-3190)\n", "cvss3": {}, "published": "2011-11-08T00:00:00", "type": "ubuntu", "title": "Tomcat vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "modified": "2011-11-08T00:00:00", "id": "USN-1252-1", "href": "https://ubuntu.com/security/notices/USN-1252-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-10-01T01:49:46", "description": "## Summary\n\nIBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Apache Log4j, please see list of CVEs for vulnerability details\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-5645](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an error when using the TCP socket server or UDP socket server to receive 
serialized log events from another application. By deserializing a specially crafted binary payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127479](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127479>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9488](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17571](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2010-1157](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error related to the generation of a realm name when one isn't specified for a web.xml application. A remote attacker could exploit this vulnerability using the WWW-Authenticate header to obtain the IP address or local hostname of the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/58055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/58055>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by multiple flaws when handling Transfer-Encoding headers that prevents a buffer from recycling. By sending a specially-crafted request in a Transfer-Encoding header, a remote attacker could exploit this vulnerability to trigger the failure of subsequent requests or information leaks between the requests. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/60264](<https://exchange.xforce.ibmcloud.com/vulnerabilities/60264>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n \n** CVEID: **[CVE-2010-4172](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the sessionsList.jsp script. A remote attacker could exploit this vulnerability using the sort or orderby parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. 
An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/63422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/63422>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2010-4312](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4312>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by a missing HttpOnly mechanism flag in a Set-Cookie header. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/63477](<https://exchange.xforce.ibmcloud.com/vulnerabilities/63477>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2010-3718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the ServletContext attribute being improperly restricted to read-only setting. An attacker could exploit this vulnerability to gain unauthorized read and write access to the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65159](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65159>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-0534](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the NIO connector when processing a request line. 
By sending a specially-crafted request, a remote attacker could exploit the vulnerability to cause an OutOfMemory error and crash the server. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65162>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-0013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when displaying web application data. A remote attacker could exploit this vulnerability using the HTML Manager interface to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65160](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65160>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-2526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper validation of request attributes by sendfile. A remote attacker could exploit this vulnerability to obtain sensitive information and cause the JVM to crash. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/68541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/68541>) for the current score. 
\nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n \n** CVEID: **[CVE-2011-3190](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of messages by the AJP protocol. A remote attacker could exploit this vulnerability to inject arbitrary AJP messages to bypass the authentication process and possibly obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/69472](<https://exchange.xforce.ibmcloud.com/vulnerabilities/69472>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2011-4858](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4858>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple specially-crafted HTTP POST requests to an affected application containing conflicting hash key values, a remote attacker could exploit this vulnerability to cause the consumption of CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72016](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72016>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by multiple errors related to the implementation of HTTP DIGEST authentication. A remote attacker could exploit this vulnerability to perform unauthorized actions. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/70052](<https://exchange.xforce.ibmcloud.com/vulnerabilities/70052>) for the current score. 
\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-5063](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to check realm values by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72437>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-2733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the improper verification of the request headers by the parseHeaders() function. A remote attacker could exploit this vulnerability using specially-crafted headers to cause an out-of-memory exception. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79806](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79806>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-5064](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of Catalina as the hard-coded private key by DigestAuthenticator.java within the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass cryptographic protection mechanisms. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72438](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72438>) for the current score. 
\nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-0022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an overly large number of parameter and parameter values. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to consume an overly large amount of CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72425>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-5062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to check qop values by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass intended integrity-protection requirements. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72436>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-5885](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the tracking of cnonce values instead of nonce and nc values by the replay-countermeasure functionality in the HTTP Digest Access Authentication implementation. By sniffing the network, a remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80408>) for the current score. 
\nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-5886](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the caching of information about the authenticated user within the session state by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80407](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80407>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-5887](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly check server nonces by the DIGEST authentication mechanism. A remote attacker could exploit this vulnerability to gain unauthorized access to the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79809>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-3546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the FormAuthenticator component during FORM authentication. By leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI, an attacker could exploit this vulnerability to bypass the authentication mechanism and gain unauthorized access to the system. 
\nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80517](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80517>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4431](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the doFilter() method. By sending a specially-crafted request to a protected source without a session identifier present in the request, an attacker could exploit this vulnerability to bypass the CSRF prevention filter and gain unauthorized access to the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80518>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4534](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error when using the NIO connector with sendfile and HTTPS enabled. A remote attacker could exploit this vulnerability to cause the application to enter an infinite loop and consume all available CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80516](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80516>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2012-3544](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the failure to properly handle chunk extensions in chunked transfer coding. By streaming data, a remote attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84952>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-2067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the improper validation of session cookies by the FormAuthenticator module. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to hijack another user's session and possibly launch further attacks on the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84154](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84154>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2013-2185](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2185>) \n** DESCRIPTION: **Red Hat JBoss Enterprise Application Platform could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the implementation of the DiskFileItem class. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability using serialized instance of the DiskFileItem class to upload a file containing a NULL byte, which could allow the attacker to execute arbitrary PHP code on the vulnerable system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87273](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87273>) for the current score. 
\nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-4286](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by an incomplete fix related to the handling of malicious requests. By sending a specially-crafted request in a Transfer-Encoding: chunked header and a Content-length header to the Apache HTTP server that will be reassembled with the original Content-Length header value, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91426](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91426>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2013-4322](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix related to the processing of chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91625](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91625>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-4590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when running untrusted web applications. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. 
\nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91424>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0075](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an integer overflow in the parseChunkHeader function. A remote attacker could exploit this vulnerability using a malformed chunk size as part of a chunked request to consume all available resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93365](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-0096](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93367](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0099](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93369](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93369>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0119](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93368](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2013-4444](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4444>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the File Upload feature. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious JSP, which could allow the attacker to execute arbitrary JSP code on the vulnerable system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95876](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95876>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2014-0227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. 
An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/100751](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100751>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-0230](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error when an HTTP response is returned before the entire request body is fully read. An attacker could exploit this vulnerability using a series of aborted upload attempts to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/102131](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102131>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-7810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103155](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103155>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-5174](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to traverse directories on the system. 
An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2015-5345](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0706](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0714](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-6816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119158](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-5647](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124400](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118407](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-5018](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5018>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118406](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-6794](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. 
\nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-6796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6796>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118404](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-8022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8022>) \n** DESCRIPTION: **tomcat package for openSUSE could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permission flaw. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184110](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184110>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| APAR(s)| Version(s) \n---|---|--- \nIBM Sterling B2B Integrator| IT37848| 5.2.0.0 - 6.0.3.4 \nIBM Sterling B2B Integrator| IT37848| 6.1.0.0 - 6.1.0.3 \n \n\n\n## Remediation/Fixes\n\nProduct & Version| Remediation & Fix \n---|--- \n5.2.0.0 - 6.0.3.4| Apply IBM Sterling B2B Integrator version 6.0.3.5 or 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n6.1.0.0 - 6.1.0.3| Apply IBM Sterling B2B Integrator version 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n1st Oct 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS3JSW\",\"label\":\"Sterling B2B Integrator\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"5.2.0.0 - 6.1.1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-06T14:56:49", "type": "ibm", "title": "Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1184", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022", "CVE-2012-2733", "CVE-2012-3544", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887", "CVE-2013-2067", "CVE-2013-2185", "CVE-2013-4286", "CVE-2013-4322", "CVE-2013-4444", "CVE-2013-4590", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-7810", "CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6816", "CVE-2017-5645", "CVE-2017-5647", "CVE-2019-17571", "CVE-2020-8022", "CVE-2020-9488"], "modified": "2021-10-06T14:56:49", "id": "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "href": "https://www.ibm.com/support/pages/node/6496741", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-09-29T21:26:08", "description": "## Abstract\n\nStorwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components.\n\n## Content\n\n**VULNERABILITY DETAILS: ** \n \n**CVE ID:**\n\n**Vendor**| **Vendor ID**| **Vendor Title**| **Included CVEs** \n---|---|---|--- \nRed Hat| [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>)| Critical: xulrunner security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \nRed Hat| [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>)| Important: libpng security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \nRed Hat| 
[_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>)| Moderate: httpd security update| [_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>) \n[_CVE-2011-4317_](<https://www.redhat.com/security/data/cve/CVE-2011-4317.html>) \n[_CVE-2012-0053_](<CVE-2012-0053>) \nApache| [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.33| [_CVE-2011-1184_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n[_CVE-2011-2204_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>) \n[_CVE-2011-2526_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \nApache| [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.35| [_CVE-2011-3190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n[_CVE-2011-3375_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375>) \n[_CVE-2012-0022_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>) \n \n \n**DESCRIPTION:** \nStorwize V7000 Unified has integrated updated versions of the software components for which the vendors have provided fixes for security vulnerabilities. \n \n \n**CVSS:** \nPlease see vendor documentation for CVSS scores and CVSS vector. \n \n \n**AFFECTED PLATFORMS: **\n\n * Affected releases: Storwize V7000 Unified 1.3 through 1.3.2.0. \n * Releases/systems/configurations NOT affected: Storwize 7000 Unified 1.3.2.3 and above, Storwize 7000 Unified 1.4.0.0 and above.\n\n**REMEDIATION: **\n\n \n**_Vendor Fix(es):_** The issue was fixed beginning with version Storwize V7000 Unified 1.3.2.3 and 1.4.0.0. Storwize V7000 Unified customers running an earlier version (e.g. Storwize V7000 Unified 1.3.2.0) must upgrade to Storwize V7000 Unified 1.3.2.3, 1.4.0.0 or a later version. \n \n \n**_Workaround(s):_** None. \n \n**_Mitigation(s):_** Storwize V7000 Unified is not exposed to CVE-2011-3026 during normal operation. 
Service procedures which use the Firefox web browser may activate the vulnerable code. Service personnel must not browse web pages on the internet to avoid the processing of web pages with malicious content. \n\nThe Tomcat-related vulnerabilities are exposed to the Storwize V7000 Unified management and service IP addresses only, but not to the public IP addresses which are used for NAS data access. It is recommended that the management and service IP addresses be attached to a management network only.\n\n \n \n \n**REFERENCES: ** \n\n\n * [__Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>)\n * [__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>) \n[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \n\n * [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>) \n[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \n\n * [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>) \n[_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>) \n[_CVE-2011-4317_](<https://www.redhat.com/security/data/cve/CVE-2011-4317.html>) \n[_CVE-2012-0053_](<CVE-2012-0053>) \n\n * [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>) \n[_CVE-2011-1184_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n[_CVE-2011-2204_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>) \n[_CVE-2011-2526_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \n\n * [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>) \n[_CVE-2011-3190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n[_CVE-2011-3375_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375>) 
\n[_CVE-2012-0022_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>)\n \n \n**RELATED INFORMATION: ** \n\n\n * [_IBM Secure Engineering Web Portal_](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)\n * [_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>)\n \n \n \n**CHANGE HISTORY: ** \n\n\n * _03/18/13: Original copy published._\n\n_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" _ \n_IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"ST5Q4U\",\"label\":\"IBM Storwize V7000 Unified (2073)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"1.4\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.3;1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {}, "published": "2022-09-26T04:23:14", "type": "ibm", "title": "Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3026", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0022", "CVE-2012-0053"], "modified": "2022-09-26T04:23:14", "id": "C3B24D9C073C7840B6F13827EE7743D35E733053B2442D8C8AD0A06EAEC3B9DA", "href": "https://www.ibm.com/support/pages/node/689125", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-29T21:26:01", "description": "## Abstract\n\nSONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components.\n\n## Content\n\n**VULNERABILITY DETAILS: ** \n \n**CVE ID:**\n\n**Vendor**| **Vendor ID**| **Vendor Title**| **Included CVEs** \n---|---|---|--- \nIBM| [_TSM 
6.3.1.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg21615292>)| Two unauthorized access vulnerabilities in IBM TSM for Space Management| [_CVE-2012-4859_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4859>) \n[_CVE-2012-5954_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5954>) \nRed Hat| [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>)| Moderate: httpd security update| [_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>) \nApache| [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.33| [_CVE-2011-1184_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \nApache| [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.35| [_CVE-2011-3190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \nIBM| [_IBM Java 6.0.0 SR12_](<https://www.ibm.com/developerworks/java/jdk/alerts/>)| Oracle October 16 2012 CPU| [_CVE-2012-5081_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081>) \nRed Hat| [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>)| Critical: xulrunner security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \nRed Hat| [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>)| Important: libpng security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \nRed Hat| [_RHSA-2012-1210_](<https://rhn.redhat.com/errata/RHSA-2012-1210.html>)| Critical: firefox security update| [_CVE-2012-1970_](<https://www.redhat.com/security/data/cve/CVE-2012-1970.html>) \n[_CVE-2012-1972_](<https://www.redhat.com/security/data/cve/CVE-2012-1972.html>) \n[_CVE-2012-1973_](<https://www.redhat.com/security/data/cve/CVE-2012-1973.html>) \n[_CVE-2012-1974_](<https://www.redhat.com/security/data/cve/CVE-2012-1974.html>) 
\n[_CVE-2012-1975_](<https://www.redhat.com/security/data/cve/CVE-2012-1975.html>) \n[_CVE-2012-1976_](<https://www.redhat.com/security/data/cve/CVE-2012-1976.html>) \n[_CVE-2012-3956_](<https://www.redhat.com/security/data/cve/CVE-2012-3956.html>) \n[_CVE-2012-3957_](<https://www.redhat.com/security/data/cve/CVE-2012-3957.html>) \n[_CVE-2012-3958_](<https://www.redhat.com/security/data/cve/CVE-2012-3958.html>) \n[_CVE-2012-3959_](<https://www.redhat.com/security/data/cve/CVE-2012-3959.html>) \n[_CVE-2012-3960_](<https://www.redhat.com/security/data/cve/CVE-2012-3960.html>) \n[_CVE-2012-3961_](<https://www.redhat.com/security/data/cve/CVE-2012-3961.html>) \n[_CVE-2012-3962_](<https://www.redhat.com/security/data/cve/CVE-2012-3962.html>) \n[_CVE-2012-3963_](<https://www.redhat.com/security/data/cve/CVE-2012-3963.html>) \n[_CVE-2012-3964_](<https://www.redhat.com/security/data/cve/CVE-2012-3964.html>) \n[_CVE-2012-3966_](<https://www.redhat.com/security/data/cve/CVE-2012-3966.html>) \n[_CVE-2012-3967_](<https://www.redhat.com/security/data/cve/CVE-2012-3967.html>) \n[_CVE-2012-3968_](<https://www.redhat.com/security/data/cve/CVE-2012-3968.html>) \n[_CVE-2012-3969_](<https://www.redhat.com/security/data/cve/CVE-2012-3969.html>) \n[_CVE-2012-3970_](<https://www.redhat.com/security/data/cve/CVE-2012-3970.html>) \n[_CVE-2012-3972_](<https://www.redhat.com/security/data/cve/CVE-2012-3972.html>) \n[_CVE-2012-3976_](<https://www.redhat.com/security/data/cve/CVE-2012-3976.html>) \n[_CVE-2012-3978_](<https://www.redhat.com/security/data/cve/CVE-2012-3978.html>) \n[_CVE-2012-3980_](<https://www.redhat.com/security/data/cve/CVE-2012-3980.html>) \nRed Hat| [_RHSA-2012-1350_](<https://rhn.redhat.com/errata/RHSA-2012-1350.html>)| Critical: firefox security and bug fix update| [_CVE-2012-1956_](<https://www.redhat.com/security/data/cve/CVE-2012-1956.html>) \n[_CVE-2012-3982_](<https://www.redhat.com/security/data/cve/CVE-2012-3982.html>) 
\n[_CVE-2012-3986_](<https://www.redhat.com/security/data/cve/CVE-2012-3986.html>) \n[_CVE-2012-3988_](<https://www.redhat.com/security/data/cve/CVE-2012-3988.html>) \n[_CVE-2012-3990_](<https://www.redhat.com/security/data/cve/CVE-2012-3990.html>) \n[_CVE-2012-3991_](<https://www.redhat.com/security/data/cve/CVE-2012-3991.html>) \n[_CVE-2012-3992_](<https://www.redhat.com/security/data/cve/CVE-2012-3992.html>) \n[_CVE-2012-3993_](<https://www.redhat.com/security/data/cve/CVE-2012-3993.html>) \n[_CVE-2012-3994_](<https://www.redhat.com/security/data/cve/CVE-2012-3994.html>) \n[_CVE-2012-3995_](<https://www.redhat.com/security/data/cve/CVE-2012-3995.html>) \n[_CVE-2012-4179_](<https://www.redhat.com/security/data/cve/CVE-2012-4179.html>) \n[_CVE-2012-4180_](<https://www.redhat.com/security/data/cve/CVE-2012-4180.html>) \n[_CVE-2012-4181_](<https://www.redhat.com/security/data/cve/CVE-2012-4181.html>) \n[_CVE-2012-4182_](<https://www.redhat.com/security/data/cve/CVE-2012-4182.html>) \n[_CVE-2012-4183_](<https://www.redhat.com/security/data/cve/CVE-2012-4183.html>) \n[_CVE-2012-4184_](<https://www.redhat.com/security/data/cve/CVE-2012-4184.html>) \n[_CVE-2012-4185_](<https://www.redhat.com/security/data/cve/CVE-2012-4185.html>) \n[_CVE-2012-4186_](<https://www.redhat.com/security/data/cve/CVE-2012-4186.html>) \n[_CVE-2012-4187_](<https://www.redhat.com/security/data/cve/CVE-2012-4187.html>) \n[_CVE-2012-4188_](<https://www.redhat.com/security/data/cve/CVE-2012-4188.html>) \nRed Hat| [_RHSA-2012-1361_](<https://rhn.redhat.com/errata/RHSA-2012-1361.html>)| Critical: xulrunner security update| [_CVE-2012-4193_](<https://www.redhat.com/security/data/cve/CVE-2012-4193.html>) \nRed Hat| [_RHSA-2012-1407_](<https://rhn.redhat.com/errata/RHSA-2012-1407.html>)| Critical: firefox security update| [_CVE-2012-4194_](<https://www.redhat.com/security/data/cve/CVE-2012-4194.html>) \n[_CVE-2012-4195_](<https://www.redhat.com/security/data/cve/CVE-2012-4195.html>) 
\n[_CVE-2012-4196_](<https://www.redhat.com/security/data/cve/CVE-2012-4196.html>) \nRed Hat| [_RHSA-2012-1482_](<https://rhn.redhat.com/errata/RHSA-2012-1482.html>)| Critical: firefox security update| [_CVE-2012-4201_](<https://www.redhat.com/security/data/cve/CVE-2012-4201.html>) \n[_CVE-2012-4202_](<https://www.redhat.com/security/data/cve/CVE-2012-4202.html>) \n[_CVE-2012-4207_](<https://www.redhat.com/security/data/cve/CVE-2012-4207.html>) \n[_CVE-2012-4209_](<https://www.redhat.com/security/data/cve/CVE-2012-4209.html>) \n[_CVE-2012-4210_](<https://www.redhat.com/security/data/cve/CVE-2012-4210.html>) \n[_CVE-2012-4214_](<https://www.redhat.com/security/data/cve/CVE-2012-4214.html>) \n[_CVE-2012-4215_](<https://www.redhat.com/security/data/cve/CVE-2012-4215.html>) \n[_CVE-2012-4216_](<https://www.redhat.com/security/data/cve/CVE-2012-4216.html>) \n[_CVE-2012-5829_](<https://www.redhat.com/security/data/cve/CVE-2012-5829.html>) \n[_CVE-2012-5830_](<https://www.redhat.com/security/data/cve/CVE-2012-5830.html>) \n[_CVE-2012-5833_](<https://www.redhat.com/security/data/cve/CVE-2012-5833.html>) \n[_CVE-2012-5835_](<https://www.redhat.com/security/data/cve/CVE-2012-5835.html>) \n[_CVE-2012-5839_](<https://www.redhat.com/security/data/cve/CVE-2012-5839.html>) \n[_CVE-2012-5840_](<https://www.redhat.com/security/data/cve/CVE-2012-5840.html>) \n[_CVE-2012-5841_](<https://www.redhat.com/security/data/cve/CVE-2012-5841.html>) \n[_CVE-2012-5842_](<https://www.redhat.com/security/data/cve/CVE-2012-5842.html>) \nRed Hat| [_RHSA-2012-0699_](<https://rhn.redhat.com/errata/RHSA-2012-0699.html>)| Moderate: openssl security and bug fix update| [_CVE-2012-2333_](<https://www.redhat.com/security/data/cve/CVE-2012-2333.html>) \nRed Hat| [_RHSA-2012-0518_](<https://rhn.redhat.com/errata/RHSA-2012-0518.html>)| Important: openssl security update| [_CVE-2012-2110_](<https://www.redhat.com/security/data/cve/CVE-2012-2110.html>) 
\nRed Hat| [_RHSA-2012-0426_](<https://rhn.redhat.com/errata/RHSA-2012-0426.html>)| Moderate: openssl security and bug fix update| [_CVE-2012-0884_](<https://www.redhat.com/security/data/cve/CVE-2012-0884.html>) \n[_CVE-2012-1165_](<https://www.redhat.com/security/data/cve/CVE-2012-1165.html>) \n \n**DESCRIPTION:** \nSONAS has integrated updated versions of the software components for which the vendors have provided fixes for security vulnerabilities. \n \n \n**CVSS:** \nPlease see vendor documentation for CVSS scores and CVSS vector. \n \n \n**AFFECTED PLATFORMS:**\n\n * Affected releases: SONAS 1.1 through 1.3.2.2.\n * Releases/systems/configurations NOT affected: SONAS 1.3.2.3 and above.\n \n\n\n**REMEDIATION:**\n\n \n**_Vendor Fix(es):_** The issue was fixed beginning with version SONAS 1.3.2.3. SONAS customers running an earlier SONAS version (e.g. SONAS 1.3.2.1) must upgrade to SONAS 1.3.2.3 or a later version. \n \n \n**_Workaround(s):_** None. \n \n**_Mitigation(s):_** SONAS is not exposed to CVEs related to Firefox and Xulrunner and to CVE-2011-3026 during normal operation. Service procedures which use the Firefox web browser may activate the vulnerable code. To avoid processing web pages with malicious content, service personnel must not browse web pages on the internet. \n\nThe Tomcat-related vulnerabilities are exposed on the SONAS management and service IP addresses only, not on the public IP addresses which are used for NAS data access. 
It is recommended that the management and service IP addresses be attached to a management network only.\n\nCVE-2012-4859 is not directly exploitable on SONAS, because SONAS does not provide a capability to log on as a native Unix or Linux user.\n\nCVE-2012-5954 impacts only SONAS systems that are configured with TSM HSM.\n\n \n \n \n**REFERENCES:**\n\n * [__Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>)\n * [__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * [_TSM 6.3.1.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg21615292>)\n \n[_CVE-2012-4859_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4859>) \n[_CVE-2012-5954_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5954>)\n * [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>)\n \n[_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>) \n[_CVE-2011-4317_](<https://www.redhat.com/security/data/cve/CVE-2011-4317.html>) \n_CVE-2012-0053_\n * [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>)\n \n[_CVE-2011-1184_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n[_CVE-2011-2204_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>) \n[_CVE-2011-2526_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \n\n * [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>)\n \n[_CVE-2011-3190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n[_CVE-2011-3375_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375>) \n[_CVE-2012-0022_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>) \n\n * [_IBM Java 6.0.0 SR12_](<https://www.ibm.com/developerworks/java/jdk/alerts/>)\n \n[_CVE-2012-5081_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081>) \n\n * 
[_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>)\n \n[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \n\n * [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>)\n \n[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \n\n * [_RHSA-2012-1210_](<https://rhn.redhat.com/errata/RHSA-2012-1210.html>)\n \n[_CVE-2012-1970_](<https://www.redhat.com/security/data/cve/CVE-2012-1970.html>) \n[_CVE-2012-1972_](<https://www.redhat.com/security/data/cve/CVE-2012-1972.html>) \n[_CVE-2012-1973_](<https://www.redhat.com/security/data/cve/CVE-2012-1973.html>) \n[_CVE-2012-1974_](<https://www.redhat.com/security/data/cve/CVE-2012-1974.html>) \n[_CVE-2012-1975_](<https://www.redhat.com/security/data/cve/CVE-2012-1975.html>) \n[_CVE-2012-1976_](<https://www.redhat.com/security/data/cve/CVE-2012-1976.html>) \n[_CVE-2012-3956_](<https://www.redhat.com/security/data/cve/CVE-2012-3956.html>) \n[_CVE-2012-3957_](<https://www.redhat.com/security/data/cve/CVE-2012-3957.html>) \n[_CVE-2012-3958_](<https://www.redhat.com/security/data/cve/CVE-2012-3958.html>) \n[_CVE-2012-3959_](<https://www.redhat.com/security/data/cve/CVE-2012-3959.html>) \n[_CVE-2012-3960_](<https://www.redhat.com/security/data/cve/CVE-2012-3960.html>) \n[_CVE-2012-3961_](<https://www.redhat.com/security/data/cve/CVE-2012-3961.html>) \n[_CVE-2012-3962_](<https://www.redhat.com/security/data/cve/CVE-2012-3962.html>) \n[_CVE-2012-3963_](<https://www.redhat.com/security/data/cve/CVE-2012-3963.html>) \n[_CVE-2012-3964_](<https://www.redhat.com/security/data/cve/CVE-2012-3964.html>) \n[_CVE-2012-3966_](<https://www.redhat.com/security/data/cve/CVE-2012-3966.html>) \n[_CVE-2012-3967_](<https://www.redhat.com/security/data/cve/CVE-2012-3967.html>) \n[_CVE-2012-3968_](<https://www.redhat.com/security/data/cve/CVE-2012-3968.html>) \n[_CVE-2012-3969_](<https://www.redhat.com/security/data/cve/CVE-2012-3969.html>) 
\n[_CVE-2012-3970_](<https://www.redhat.com/security/data/cve/CVE-2012-3970.html>) \n[_CVE-2012-3972_](<https://www.redhat.com/security/data/cve/CVE-2012-3972.html>) \n[_CVE-2012-3976_](<https://www.redhat.com/security/data/cve/CVE-2012-3976.html>) \n[_CVE-2012-3978_](<https://www.redhat.com/security/data/cve/CVE-2012-3978.html>) \n[_CVE-2012-3980_](<https://www.redhat.com/security/data/cve/CVE-2012-3980.html>)\n * [_RHSA-2012-1350_](<https://rhn.redhat.com/errata/RHSA-2012-1350.html>)\n \n[_CVE-2012-1956_](<https://www.redhat.com/security/data/cve/CVE-2012-1956.html>) \n[_CVE-2012-3982_](<https://www.redhat.com/security/data/cve/CVE-2012-3982.html>) \n[_CVE-2012-3986_](<https://www.redhat.com/security/data/cve/CVE-2012-3986.html>) \n[_CVE-2012-3988_](<https://www.redhat.com/security/data/cve/CVE-2012-3988.html>) \n[_CVE-2012-3990_](<https://www.redhat.com/security/data/cve/CVE-2012-3990.html>) \n[_CVE-2012-3991_](<https://www.redhat.com/security/data/cve/CVE-2012-3991.html>) \n[_CVE-2012-3992_](<https://www.redhat.com/security/data/cve/CVE-2012-3992.html>) \n[_CVE-2012-3993_](<https://www.redhat.com/security/data/cve/CVE-2012-3993.html>) \n[_CVE-2012-3994_](<https://www.redhat.com/security/data/cve/CVE-2012-3994.html>) \n[_CVE-2012-3995_](<https://www.redhat.com/security/data/cve/CVE-2012-3995.html>) \n[_CVE-2012-4179_](<https://www.redhat.com/security/data/cve/CVE-2012-4179.html>) \n[_CVE-2012-4180_](<https://www.redhat.com/security/data/cve/CVE-2012-4180.html>) \n[_CVE-2012-4181_](<https://www.redhat.com/security/data/cve/CVE-2012-4181.html>) \n[_CVE-2012-4182_](<https://www.redhat.com/security/data/cve/CVE-2012-4182.html>) \n[_CVE-2012-4183_](<https://www.redhat.com/security/data/cve/CVE-2012-4183.html>) \n[_CVE-2012-4184_](<https://www.redhat.com/security/data/cve/CVE-2012-4184.html>) \n[_CVE-2012-4185_](<https://www.redhat.com/security/data/cve/CVE-2012-4185.html>) \n[_CVE-2012-4186_](<https://www.redhat.com/security/data/cve/CVE-2012-4186.html>) 
\n[_CVE-2012-4187_](<https://www.redhat.com/security/data/cve/CVE-2012-4187.html>) \n[_CVE-2012-4188_](<https://www.redhat.com/security/data/cve/CVE-2012-4188.html>) \n\n * [_RHSA-2012-1361_](<https://rhn.redhat.com/errata/RHSA-2012-1361.html>)\n \n[_CVE-2012-4193_](<https://www.redhat.com/security/data/cve/CVE-2012-4193.html>) \n\n * [_RHSA-2012-1407_](<https://rhn.redhat.com/errata/RHSA-2012-1407.html>)\n \n[_CVE-2012-4194_](<https://www.redhat.com/security/data/cve/CVE-2012-4194.html>) \n[_CVE-2012-4195_](<https://www.redhat.com/security/data/cve/CVE-2012-4195.html>) \n[_CVE-2012-4196_](<https://www.redhat.com/security/data/cve/CVE-2012-4196.html>) \n\n * [_RHSA-2012-1482_](<https://rhn.redhat.com/errata/RHSA-2012-1482.html>)\n \n[_CVE-2012-4201_](<https://www.redhat.com/security/data/cve/CVE-2012-4201.html>) \n[_CVE-2012-4202_](<https://www.redhat.com/security/data/cve/CVE-2012-4202.html>) \n[_CVE-2012-4207_](<https://www.redhat.com/security/data/cve/CVE-2012-4207.html>) \n[_CVE-2012-4209_](<https://www.redhat.com/security/data/cve/CVE-2012-4209.html>) \n[_CVE-2012-4210_](<https://www.redhat.com/security/data/cve/CVE-2012-4210.html>) \n[_CVE-2012-4214_](<https://www.redhat.com/security/data/cve/CVE-2012-4214.html>) \n[_CVE-2012-4215_](<https://www.redhat.com/security/data/cve/CVE-2012-4215.html>) \n[_CVE-2012-4216_](<https://www.redhat.com/security/data/cve/CVE-2012-4216.html>) \n[_CVE-2012-5829_](<https://www.redhat.com/security/data/cve/CVE-2012-5829.html>) \n[_CVE-2012-5830_](<https://www.redhat.com/security/data/cve/CVE-2012-5830.html>) \n[_CVE-2012-5833_](<https://www.redhat.com/security/data/cve/CVE-2012-5833.html>) \n[_CVE-2012-5835_](<https://www.redhat.com/security/data/cve/CVE-2012-5835.html>) \n[_CVE-2012-5839_](<https://www.redhat.com/security/data/cve/CVE-2012-5839.html>) \n[_CVE-2012-5840_](<https://www.redhat.com/security/data/cve/CVE-2012-5840.html>) \n[_CVE-2012-5841_](<https://www.redhat.com/security/data/cve/CVE-2012-5841.html>) 
\n[_CVE-2012-5842_](<https://www.redhat.com/security/data/cve/CVE-2012-5842.html>)\n * [_RHSA-2012-0699_](<https://rhn.redhat.com/errata/RHSA-2012-0699.html>)\n \n[_CVE-2012-2333_](<https://www.redhat.com/security/data/cve/CVE-2012-2333.html>)\n * [_RHSA-2012-0518_](<https://rhn.redhat.com/errata/RHSA-2012-0518.html>)\n \n[_CVE-2012-2110_](<https://www.redhat.com/security/data/cve/CVE-2012-2110.html>)\n * [_RHSA-2012-0426_](<https://rhn.redhat.com/errata/RHSA-2012-0426.html>)\n \n[_CVE-2012-0884_](<https://www.redhat.com/security/data/cve/CVE-2012-0884.html>) \n[_CVE-2012-1165_](<https://www.redhat.com/security/data/cve/CVE-2012-1165.html>) \n**RELATED INFORMATION:** \n\n\n * [_IBM Secure Engineering Web Portal_](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)\n * [_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>)\n \n \n \n**CHANGE HISTORY:** \n\n\n * _28/03/2013: Original copy published._\n * _03/04/2013: Restructured the document as per new guidelines._\n * _30/01/2014: Restructured the document_\n\n_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash._\n\n \n**_Note:_** _According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"STAV45\",\"label\":\"Network Attached Storage (NAS)-\\u003EScale Out Network Attached Storage\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"1.3.2\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-26T04:23:14", "type": "ibm", "title": "Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3026", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0022", "CVE-2012-0053", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-1956", "CVE-2012-1970", "CVE-2012-1972", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-1975", "CVE-2012-1976", "CVE-2012-2110", "CVE-2012-2333", "CVE-2012-3956", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3959", 
"CVE-2012-3960", "CVE-2012-3961", "CVE-2012-3962", "CVE-2012-3963", "CVE-2012-3964", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3968", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3972", "CVE-2012-3976", "CVE-2012-3978", "CVE-2012-3980", "CVE-2012-3982", "CVE-2012-3986", "CVE-2012-3988", "CVE-2012-3990", "CVE-2012-3991", "CVE-2012-3992", "CVE-2012-3993", "CVE-2012-3994", "CVE-2012-3995", "CVE-2012-4179", "CVE-2012-4180", "CVE-2012-4181", "CVE-2012-4182", "CVE-2012-4183", "CVE-2012-4184", "CVE-2012-4185", "CVE-2012-4186", "CVE-2012-4187", "CVE-2012-4188", "CVE-2012-4193", "CVE-2012-4194", "CVE-2012-4195", "CVE-2012-4196", "CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4207", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4859", "CVE-2012-5081", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5954"], "modified": "2022-09-26T04:23:14", "id": "52BFEC965C91FFF9EB67268FE505ABA82DAD2FDA3420E0AE67F8478C590BB2EA", "href": "https://www.ibm.com/support/pages/node/689121", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}