DATABASE RESOURCES PRICING ABOUT US

{"id": "TOMCAT:3008DCC76D1D9E4F8A16396F620908CF", "vendorId": null, "type": "tomcat", "bulletinFamily": "software", "title": "Fixed in Apache Tomcat 4.1.37", "description": "**Important: Information disclosure** [CVE-2005-3164](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164>)\n\nIf a client specifies a Content-Length but disconnects before sending any of the request body, the deprecated AJP connector processes the request using the request body of the previous request. Users are advised to use the default, supported Coyote AJP connector which does not exhibit this issue.\n\nAffects: 4.0.1-4.0.6, 4.1.0-4.1.36\n\n**Moderate: Cross-site scripting** [CVE-2007-1355](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355>)\n\nThe JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output.\n\nAffects: 4.0.1-4.0.6, 4.1.0-4.1.36\n\n**Low: Cross-site scripting** [CVE-2007-2449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449>)\n\nJSPs within the examples web application did not escape user provided data before including it in the output. This enabled a XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system. \n\nAffects: 4.0.0-4.0.6, 4.1.0-4.1.36\n\n**Low: Cross-site scripting** [CVE-2007-2450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450>)\n\nThe Manager web application did not escape user provided data before including it in the output. This enabled a XSS attack. This application now filters the data before use. This issue may be mitigated by logging out (closing the browser) of the application once the management tasks have been completed.\n\nAffects: 4.0.1-4.0.6, 4.1.0-4.1.36\n\n**Low: Session hi-jacking** [CVE-2007-3382](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382>)\n\nTomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker.\n\nAffects: 4.1.0-4.1.36\n\n**Low: Cross-site scripting** [CVE-2007-3383](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3383>)\n\nWhen reporting error messages, the SendMailServlet (part of the examples web application) did not escape user provided data before including it in the output. This enabled a XSS attack. This Servlet now filters the data before use. This issue may be mitigated by undeploying the examples web application. Note that it is recommended that the examples web application is not installed on a production system. \n\nAffects: 4.0.0-4.0.6, 4.1.0-4.1.36\n\n**Low: Session hi-jacking** [CVE-2007-3385](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385>)\n\nTomcat incorrectly handled the character sequence \\\" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker.\n\nAffects: 4.1.0-4.1.36\n\n**Low: Session hi-jacking** [CVE-2007-5333](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333>)\n\nThe previous fix for [CVE-2007-3385](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385>) was incomplete. It did not consider the use of quotes or %5C within a cookie value.\n\nAffects: 4.1.0-4.1.36\n\n**Important: Information disclosure** [CVE-2007-5461](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461>)\n\nWhen Tomcat's WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitary files being returned to the client.\n\nAffects: 4.0.0-4.0.6, 4.1.0-4.1.36", "published": "2005-10-06T00:00:00", "modified": "2005-10-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.37", "reporter": "Apache Tomcat", "references": [], "cvelist": ["CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461"], "immutableFields": [], "lastseen": "2021-12-30T15:23:04", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:CONF-10445", "ATLASSIAN:CONFSERVER-10445"]}, {"type": "centos", "idList": ["CESA-2007:0569", "CESA-2007:0871", "CESA-2008:0042", "CESA-2009:1164"]}, {"type": "cert", "idList": ["VU:862600", "VU:993544"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2013-3521"]}, {"type": "cve", "idList": ["CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-5731"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1447-1:D5F9E", "DEBIAN:DSA-1453-1:B65B1", "DEBIAN:DSA-1468-1:D8908"]}, {"type": "exploitdb", "idList": ["EDB-ID:31130"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:5B857ACE0D2D356B9C22F728FA555508"]}, {"type": "fedora", "idList": ["FEDORA:EC5A9208DCA", "FEDORA:LAH5BMCQ011096", "FEDORA:LAH5YH76010685", "FEDORA:M1D4RW3M004324", "FEDORA:M1D5DC2X006390"]}, {"type": "freebsd", "idList": ["AB2575D6-39F0-11DC-B8CC-000FEA449B8A"]}, {"type": "gentoo", "idList": ["GLSA-200804-10"]}, {"type": "jvn", "idList": ["JVN:07100457", "JVN:09470767", "JVN:64851600", "JVN:79314822"]}, {"type": "nessus", "idList": ["4167.PRM", "4245.PRM", "4368.PASL", "4564.PRM", "CENTOS_RHSA-2007-0569.NASL", "CENTOS_RHSA-2007-0871.NASL", "CENTOS_RHSA-2008-0042.NASL", "CENTOS_RHSA-2009-1164.NASL", "DEBIAN_DSA-1447.NASL", "DEBIAN_DSA-1453.NASL", "DEBIAN_DSA-1468.NASL", "FEDORA_2007-3456.NASL", "FEDORA_2007-3474.NASL", "FEDORA_2008-1467.NASL", "FEDORA_2008-1603.NASL", "FEDORA_2008-8130.NASL", "FREEBSD_PKG_AB2575D639F011DCB8CC000FEA449B8A.NASL", "GENTOO_GLSA-200804-10.NASL", "MACOSX_10_5_4.NASL", "MACOSX_SECUPD2008-004.NASL", "MACOSX_SECUPD2008-007.NASL", "MANDRAKE_MDKSA-2007-241.NASL", "MANDRIVA_MDVSA-2009-018.NASL", "MANDRIVA_MDVSA-2009-136.NASL", "MANDRIVA_MDVSA-2010-176.NASL", "ORACLELINUX_ELSA-2007-0569.NASL", "ORACLELINUX_ELSA-2007-0871.NASL", "ORACLELINUX_ELSA-2008-0042.NASL", "ORACLELINUX_ELSA-2009-1164.NASL", "REDHAT-RHSA-2007-0569.NASL", "REDHAT-RHSA-2007-0871.NASL", "REDHAT-RHSA-2007-1069.NASL", "REDHAT-RHSA-2008-0042.NASL", "REDHAT-RHSA-2008-0151.NASL", "REDHAT-RHSA-2008-0213.NASL", "REDHAT-RHSA-2008-0261.NASL", "REDHAT-RHSA-2008-0524.NASL", "REDHAT-RHSA-2008-0630.NASL", "REDHAT-RHSA-2009-1164.NASL", "REDHAT-RHSA-2009-1616.NASL", "REDHAT-RHSA-2009-1617.NASL", "SL_20070717_TOMCAT_ON_SL5_X.NASL", "SL_20080311_TOMCAT_ON_SL5_X.NASL", "SL_20090723_TOMCAT_ON_SL5_X.NASL", "SUSE9_12078.NASL", "SUSE9_12116.NASL", "SUSE_APACHE2-MOD_JK-4992.NASL", "SUSE_APACHE2-MOD_JK-4997.NASL", "SUSE_TOMCAT5-4990.NASL", "SUSE_TOMCAT5-5070.NASL", "SUSE_TOMCAT5-5071.NASL", "SUSE_TOMCAT55-5069.NASL", "SUSE_WEBSPHERE-AS_CE-5850.NASL", "TOMCAT_4_1_37.NASL", "TOMCAT_5_5_25.NASL", "TOMCAT_5_5_26.NASL", "TOMCAT_6_0_13.NASL", "TOMCAT_6_0_14.NASL", "TOMCAT_6_0_16.NASL", "TOMCAT_SAMPLE_HELLO_XSS.NASL", "TOMCAT_SAMPLE_SENDMAIL_XSS.NASL", "TOMCAT_SNOOP_URI_XSS.NASL", "VMWARE_VMSA-2008-00010.NASL", "VMWARE_VMSA-2008-0010.NASL", "VMWARE_VMSA-2009-0016.NASL", "VMWARE_VMSA-2009-0016_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102025", "OPENVAS:102032", "OPENVAS:1361412562310102025", "OPENVAS:1361412562310102032", "OPENVAS:1361412562310111014", "OPENVAS:1361412562310122466", "OPENVAS:1361412562310122603", "OPENVAS:1361412562310122660", "OPENVAS:1361412562310122674", "OPENVAS:136141256231063205", "OPENVAS:136141256231063412", "OPENVAS:136141256231064452", "OPENVAS:136141256231064582", "OPENVAS:136141256231065285", "OPENVAS:136141256231065440", "OPENVAS:136141256231065836", "OPENVAS:136141256231065993", "OPENVAS:136141256231066182", "OPENVAS:136141256231066183", "OPENVAS:1361412562310830069", "OPENVAS:1361412562310831148", "OPENVAS:1361412562310835005", "OPENVAS:1361412562310870029", "OPENVAS:1361412562310880716", "OPENVAS:58825", "OPENVAS:60102", "OPENVAS:60108", "OPENVAS:60212", "OPENVAS:60810", "OPENVAS:63205", "OPENVAS:63305", "OPENVAS:63306", "OPENVAS:63307", "OPENVAS:63412", "OPENVAS:64452", "OPENVAS:64582", "OPENVAS:65285", "OPENVAS:65440", "OPENVAS:65836", "OPENVAS:65993", "OPENVAS:66182", "OPENVAS:66183", "OPENVAS:830069", "OPENVAS:831148", "OPENVAS:835005", "OPENVAS:860345", "OPENVAS:860400", "OPENVAS:860524", "OPENVAS:861516", "OPENVAS:861582", "OPENVAS:870029", "OPENVAS:880716"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0569", "ELSA-2007-0871", "ELSA-2008-0042", "ELSA-2009-1164"]}, {"type": "osv", "idList": ["OSV:DSA-1447-1", "OSV:DSA-1453-1", "OSV:DSA-1468-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:56883", "PACKETSTORM:57183"]}, {"type": "redhat", "idList": ["RHSA-2007:0569", "RHSA-2007:0871", "RHSA-2007:0876", "RHSA-2007:0950", "RHSA-2007:1069", "RHSA-2008:0042", "RHSA-2008:0158", "RHSA-2008:0195", "RHSA-2008:0261", "RHSA-2008:0524", "RHSA-2008:0630", "RHSA-2008:0862", "RHSA-2009:1164", "RHSA-2009:1454", "RHSA-2009:1562", "RHSA-2009:1563", "RHSA-2009:1616"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17057", "SECURITYVULNS:DOC:17267", "SECURITYVULNS:DOC:17268", "SECURITYVULNS:DOC:17581", "SECURITYVULNS:DOC:17779", "SECURITYVULNS:DOC:17780", "SECURITYVULNS:DOC:21244", "SECURITYVULNS:DOC:29650", "SECURITYVULNS:VULN:13207", "SECURITYVULNS:VULN:7724", "SECURITYVULNS:VULN:7815", "SECURITYVULNS:VULN:7964", "SECURITYVULNS:VULN:8036", "SECURITYVULNS:VULN:8591"]}, {"type": "seebug", "idList": ["SSV:2153", "SSV:2341", "SSV:84482"]}, {"type": "tomcat", "idList": ["TOMCAT:41EDA9889C0948C60EF9755D9067C2EF", "TOMCAT:9472937DC7D6CA449B23E8770CD44BA2", "TOMCAT:E676AE46560F7CF2AF55891ED52C5F15", "TOMCAT:ECBBFC6AF9746E5F16035C106F520987", "TOMCAT:EE775FB0489C8488CCA412D4F1D7F36E", "TOMCAT:FFCE0EAF6F002169ADD22518F9756629"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-1355", "UB:CVE-2007-2449", "UB:CVE-2007-2450", "UB:CVE-2007-3382", "UB:CVE-2007-3383", "UB:CVE-2007-3385", "UB:CVE-2007-5333", "UB:CVE-2007-5461", "UB:CVE-2007-5731"]}, {"type": "veracode", "idList": ["VERACODE:23200"]}, {"type": "vmware", "idList": ["VMSA-2008-0010", "VMSA-2008-0010.3", "VMSA-2009-0016", "VMSA-2009-0016.6"]}]}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:CONF-10445"]}, {"type": "centos", "idList": ["CESA-2009:1164"]}, {"type": "cert", "idList": ["VU:993544"]}, {"type": "cve", "idList": ["CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1468-1:D8908"]}, {"type": "exploitdb", "idList": ["EDB-ID:31130"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:5B857ACE0D2D356B9C22F728FA555508"]}, {"type": "fedora", "idList": ["FEDORA:EC5A9208DCA"]}, {"type": "freebsd", "idList": ["AB2575D6-39F0-11DC-B8CC-000FEA449B8A"]}, {"type": "gentoo", "idList": ["GLSA-200804-10"]}, {"type": "jvn", "idList": ["JVN:09470767", "JVN:79314822"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2010-0602/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2008-0042.NASL", "CENTOS_RHSA-2009-1164.NASL", "FREEBSD_PKG_AB2575D639F011DCB8CC000FEA449B8A.NASL", "MACOSX_10_5_4.NASL", "ORACLELINUX_ELSA-2007-0569.NASL", "REDHAT-RHSA-2007-0569.NASL", "REDHAT-RHSA-2009-1617.NASL", "TOMCAT_SAMPLE_SENDMAIL_XSS.NASL", "VMWARE_VMSA-2008-0010.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310102032", "OPENVAS:64452"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0569", "ELSA-2007-0871", "ELSA-2008-0042", "ELSA-2009-1164"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:57183"]}, {"type": "redhat", "idList": ["RHSA-2007:0871", "RHSA-2008:0042", "RHSA-2009:1164", "RHSA-2009:1454"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17268", "SECURITYVULNS:VULN:13207"]}, {"type": "seebug", "idList": ["SSV:84482"]}, {"type": "tomcat", "idList": ["TOMCAT:FFCE0EAF6F002169ADD22518F9756629"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-3382"]}, {"type": "vmware", "idList": ["VMSA-2008-0010", "VMSA-2008-0010.3"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "apache tomcat", "version": 4}, {"name": "apache tomcat", "version": 4}, {"name": "apache tomcat", "version": 4}, {"name": "apache tomcat", "version": 4}, {"name": "apache tomcat", "version": 4}]}, "vulnersScore": 0.4}, "affectedSoftware": [{"version": "4.0.0", "operator": "ge", "name": "apache tomcat"}, {"version": "4.0.1", "operator": "ge", "name": "apache tomcat"}, {"operator": "le", "version": "4.0.6", "name": "apache tomcat"}, {"version": "4.1.0", "operator": "ge", "name": "apache tomcat"}, {"operator": "le", "version": "4.1.36", "name": "apache tomcat"}], "_state": {"dependencies": 1660012827, "score": 1659915622, "affected_software_major_version": 1666691171}, "_internal": {"score_hash": "bf3a282444f4544ab4e5a9c6f969b6b6"}}

{"nessus": [{"lastseen": "2023-01-11T15:10:11", "description": "According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.37. It is, therefore, affected by the following vulnerabilities :\n\n - The remote Apache Tomcat install may be vulnerable to an information disclosure attack if the deprecated AJP connector processes a client request having a non-zero Content-Length and the client disconnects before sending the request body. (CVE-2005-3164)\n\n - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP and Servlet examples are enabled. Several of these examples do not properly validate user input.\n (CVE-2007-1355, CVE-2007-2449)\n\n - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the Manager web application is enabled as it fails to escape input data. (CVE-2007-2450)\n\n - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. Apache Tomcat treats the single quote character in a cookie as a delimiter which can lead to information, such as session ID, to be disclosed. (CVE-2007-3382)\n\n - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the SendMailServlet is enabled. The SendMailServlet is a part of the examples web application and, when reporting error messages, fails to escape user provided data. (CVE-2007-3383)\n\n - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '%5C' in cookie values.\n (CVE-2007-3385, CVE-2007-5333)\n\n - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via the WebDAV servlet.\n Certain WebDAV requests, containing an entity with a SYSTEM tag, can result in the disclosure of arbitrary file contents. (CVE-2007-5461)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number..", "cvss3": {}, "published": "2010-06-16T00:00:00", "type": "nessus", "title": "Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_4_1_37.NASL", "href": "https://www.tenable.com/plugins/nessus/47030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47030);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2005-3164\",\n \"CVE-2007-1355\",\n \"CVE-2007-2449\",\n \"CVE-2007-2450\",\n \"CVE-2007-3382\",\n \"CVE-2007-3383\",\n \"CVE-2007-3385\",\n \"CVE-2007-5333\",\n \"CVE-2007-5461\"\n );\n script_bugtraq_id(\n 15003,\n 24058,\n 24475,\n 24476,\n 24999,\n 25316,\n 26070,\n 27706\n );\n script_xref(name:\"SECUNIA\", value:\"27398\");\n script_xref(name:\"SECUNIA\", value:\"28878\");\n script_xref(name:\"SECUNIA\", value:\"25678\");\n script_xref(name:\"SECUNIA\", value:\"26466\");\n\n script_name(english:\"Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.37. It is,\ntherefore, affected by the following vulnerabilities :\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack if the deprecated AJP\n connector processes a client request having a non-zero\n Content-Length and the client disconnects before\n sending the request body. (CVE-2005-3164)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the JSP and Servlet\n examples are enabled. Several of these examples do\n not properly validate user input.\n (CVE-2007-1355, CVE-2007-2449)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the Manager web\n application is enabled as it fails to escape input\n data. (CVE-2007-2450)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via cookies. Apache Tomcat\n treats the single quote character in a cookie as a\n delimiter which can lead to information, such as session\n ID, to be disclosed. (CVE-2007-3382)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the SendMailServlet is\n enabled. The SendMailServlet is a part of the examples\n web application and, when reporting error messages,\n fails to escape user provided data. (CVE-2007-3383)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via cookies. The previous\n fix for CVE-2007-3385 was incomplete and did not account\n for the use of quotes or '%5C' in cookie values.\n (CVE-2007-3385, CVE-2007-5333)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via the WebDAV servlet.\n Certain WebDAV requests, containing an entity with a\n SYSTEM tag, can result in the disclosure of arbitrary\n file contents. (CVE-2007-5461)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number..\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.37\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/469067/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/471351/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/471357/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/476442/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/474413/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/476444/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/487822/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 4.1.37 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-3164\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"4.1.37\", min:\"4.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^4(\\.1)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:35:50", "description": "Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 8.\n\nThis update includes fixes to the following :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450\n\n - CVE-2007-2449\n\n - CVE-2007-5461\n\n - CVE-2007-1358\n\nAll users of tomcat are advised to update to these packages.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-20T00:00:00", "type": "nessus", "title": "Fedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat5", "p-cpe:/a:fedoraproject:fedora:tomcat5-admin-webapps", "p-cpe:/a:fedoraproject:fedora:tomcat5-common-lib", "p-cpe:/a:fedoraproject:fedora:tomcat5-debuginfo", "p-cpe:/a:fedoraproject:fedora:tomcat5-jasper", "p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-eclipse", "p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-javadoc", "p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api", "p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:fedoraproject:fedora:tomcat5-server-lib", "p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api", "p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:fedoraproject:fedora:tomcat5-webapps", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2007-3474.NASL", "href": "https://www.tenable.com/plugins/nessus/28258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-3474.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28258);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_xref(name:\"FEDORA\", value:\"2007-3474\");\n\n script_name(english:\"Fedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Tomcat5 packages that fix several security bugs are now\navailable for Fedora Core 8.\n\nThis update includes fixes to the following :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450\n\n - CVE-2007-2449\n\n - CVE-2007-5461\n\n - CVE-2007-1358\n\nAll users of tomcat are advised to update to these packages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=244803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=244804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=244808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=247972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=247976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=247994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=253166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=333791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=363001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=363081\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004949.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15257d44\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(22, 79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-admin-webapps-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-common-lib-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-debuginfo-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-jasper-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-server-lib-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-webapps-5.5.25-1jpp.1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:36:06", "description": "Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 7.\n\nThis update includes fixes to the following :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450\n\n - CVE-2007-2449\n\n - CVE-2007-5461\n\n - CVE-2007-1358\n\nAll users of tomcat are advised to update to these packages.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2007-11-20T00:00:00", "type": "nessus", "title": "Fedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat5", "p-cpe:/a:fedoraproject:fedora:tomcat5-admin-webapps", "p-cpe:/a:fedoraproject:fedora:tomcat5-common-lib", "p-cpe:/a:fedoraproject:fedora:tomcat5-debuginfo", "p-cpe:/a:fedoraproject:fedora:tomcat5-jasper", "p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-eclipse", "p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-javadoc", "p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api", "p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:fedoraproject:fedora:tomcat5-server-lib", "p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api", "p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:fedoraproject:fedora:tomcat5-webapps", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2007-3456.NASL", "href": "https://www.tenable.com/plugins/nessus/28257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-3456.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28257);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_bugtraq_id(24475, 24476, 24524, 25316, 26070);\n script_xref(name:\"FEDORA\", value:\"2007-3456\");\n\n script_name(english:\"Fedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Tomcat5 packages that fix several security bugs are now\navailable for Fedora Core 7.\n\nThis update includes fixes to the following :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450\n\n - CVE-2007-2449\n\n - CVE-2007-5461\n\n - CVE-2007-1358\n\nAll users of tomcat are advised to update to these packages.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=244803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=244804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=244808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=244810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=247972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=247976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=247994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=253166\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004929.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93b8a7ae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-admin-webapps-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-common-lib-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-debuginfo-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-jasper-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-server-lib-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-webapps-5.5.25-1jpp.1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:56:54", "description": "A number of vulnerabilities were found in Tomcat :\n\nA directory traversal vulnerability, when using certain proxy modules, allows a remote attacker to read arbitrary files via a .. (dot dot) sequence with various slash, backslash, or url-encoded backslash characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).\n\nMultiple cross-site scripting vulnerabilities in certain JSP files allow remote attackers to inject arbitrary web script or HTML (CVE-2007-2449).\n\nMultiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450).\n\nTomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382).\n\nTomcat did not properly handle the ' character sequence in a cookie value, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3385).\n\nA cross-site scripting vulnerability in the Host Manager servlet allowed remote attackers to inject arbitrary HTML and web script via crafted attacks (CVE-2007-3386).\n\nFinally, an absolute path traversal vulnerability, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag (CVE-2007-5461).\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0450", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRAKE_MDKSA-2007-241.NASL", "href": "https://www.tenable.com/plugins/nessus/38147", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:241. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38147);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_xref(name:\"MDKSA\", value:\"2007:241\");\n\n script_name(english:\"Mandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of vulnerabilities were found in Tomcat :\n\nA directory traversal vulnerability, when using certain proxy modules,\nallows a remote attacker to read arbitrary files via a .. (dot dot)\nsequence with various slash, backslash, or url-encoded backslash\ncharacters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).\n\nMultiple cross-site scripting vulnerabilities in certain JSP files\nallow remote attackers to inject arbitrary web script or HTML\n(CVE-2007-2449).\n\nMultiple cross-site scripting vulnerabilities in the Manager and Host\nManager web applications allow remote authenticated users to inject\narbitrary web script or HTML (CVE-2007-2450).\n\nTomcat treated single quotes as delimiters in cookies, which could\ncause sensitive information such as session IDs to be leaked and allow\nremote attackers to conduct session hijacking attacks (CVE-2007-3382).\n\nTomcat did not properly handle the ' character sequence in a cookie\nvalue, which could cause sensitive information such as session IDs to\nbe leaked and allow remote attackers to conduct session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting vulnerability in the Host Manager servlet\nallowed remote attackers to inject arbitrary HTML and web script via\ncrafted attacks (CVE-2007-3386).\n\nFinally, an absolute path traversal vulnerability, under certain\nconfigurations, allows remote authenticated users to read arbitrary\nfiles via a WebDAV write request that specifies an entity with a\nSYSTEM tag (CVE-2007-5461).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(22, 79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:26:20", "description": "According to its self-reported version number, the instance Apache Tomcat running on the remote host is 5.0.x equal to or prior to 5.0.30 or 5.5.x prior to 5.5.25. It is, therefore, affected by multiple vulnerabilities :\n\n - An error exists in several JSP example files that allows script injection via URLs using the ';' character.\n (CVE-2007-2449)\n\n - The Manager and Host Manager applications do not properly sanitize the 'filename' parameter of the '/manager/html/upload' script, which can lead to cross- site scripting attacks. (CVE-2007-2450)\n\n - An error exists in the handling of cookie values containing single quotes which Tomcat treats as delimiters. This can allow disclosure of sensitive information such as session IDs. (CVE-2007-3382)\n\n - An error exists in the handling of cookie values containing backslashes which Tomcat treats as delimiters. This can allow disclosure of sensitive information such as session IDs. (CVE-2007-3385)\n\n - An error exists in the Host Manager application which allows script injection. (CVE-2007-3386)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2010-12-07T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_5_5_25.NASL", "href": "https://www.tenable.com/plugins/nessus/51059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51059);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2007-2449\",\n \"CVE-2007-2450\",\n \"CVE-2007-3382\",\n \"CVE-2007-3385\",\n \"CVE-2007-3386\"\n );\n script_bugtraq_id(\n 24475,\n 24476,\n 25314,\n 25316\n );\n script_xref(name:\"CERT\", value:\"993544\");\n script_xref(name:\"SECUNIA\", value:\"25678\");\n script_xref(name:\"SECUNIA\", value:\"26465\");\n script_xref(name:\"SECUNIA\", value:\"26466\");\n\n script_name(english:\"Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance Apache\nTomcat running on the remote host is 5.0.x equal to or prior to 5.0.30\nor 5.5.x prior to 5.5.25. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An error exists in several JSP example files that allows\n script injection via URLs using the ';' character.\n (CVE-2007-2449)\n\n - The Manager and Host Manager applications do not\n properly sanitize the 'filename' parameter of the\n '/manager/html/upload' script, which can lead to cross-\n site scripting attacks. (CVE-2007-2450)\n\n - An error exists in the handling of cookie values\n containing single quotes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3382)\n\n - An error exists in the handling of cookie values\n containing backslashes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3385)\n\n - An error exists in the Host Manager application which\n allows script injection. (CVE-2007-3386)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.25,_5.0.SVN\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a40289c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jun/180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jun/182\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 5.5.25. Alternatively, use the latest\nSVN source for 5.0.x. The 5.0.x branch was fixed in SVN revision\nnumber 588821.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-2449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# nb: 5.0.30 was the last 5.0.x and thus all 5.0.x are vuln\ntomcat_check_version(fixed:\"5.5.25\", min:\"5.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^5(\\.5)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:45:11", "description": "According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.14. It is, therefore, affected by the following vulnerabilities :\n\n - Cross-site scripting (XSS) vulnerabilities exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2007-2449, CVE-2007-2450, CVE-2007-3386)\n\n - Session hijacking vulnerabilities exists in Tomcat due to incorrect handling of specific special characters in cookie values. In certain cases an attacker could leverage this to leak sensitive information, such as the session ID.\n (CVE-2007-3382, CVE-2007-3385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "Apache Tomcat < 6.0.14 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_14.NASL", "href": "https://www.tenable.com/plugins/nessus/121113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121113);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2007-2449\",\n \"CVE-2007-2450\",\n \"CVE-2007-3382\",\n \"CVE-2007-3385\",\n \"CVE-2007-3386\"\n );\n\n script_name(english:\"Apache Tomcat < 6.0.14 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple \nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 6.0.14. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Cross-site scripting (XSS) vulnerabilities exists due \n to improper validation of user-supplied input before \n returning it to users. An unauthenticated, remote attacker \n can exploit this, by convincing a user to click a specially \n crafted URL, to execute arbitrary script code in a user's \n browser session. (CVE-2007-2449, CVE-2007-2450, \n CVE-2007-3386)\n\n - Session hijacking vulnerabilities exists in Tomcat due to \n incorrect handling of specific special characters in cookie\n values. In certain cases an attacker could leverage this\n to leak sensitive information, such as the session ID.\n (CVE-2007-3382, CVE-2007-3385)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.14 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-3386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.14\", min:\"6.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:27:54", "description": "Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3382 It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak.\n\n - CVE-2007-3385 It was discovered that the character sequence \\' in cookies was handled incorrectly, which could lead to an information leak.\n\n - CVE-2007-5461 It was discovered that the WebDAV servlet is vulnerable to absolute path traversal.", "cvss3": {}, "published": "2008-01-08T00:00:00", "type": "nessus", "title": "Debian DSA-1453-1 : tomcat5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-5461"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat5", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1453.NASL", "href": "https://www.tenable.com/plugins/nessus/29872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1453. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29872);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5461\");\n script_xref(name:\"DSA\", value:\"1453\");\n\n script_name(english:\"Debian DSA-1453-1 : tomcat5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-3382\n It was discovered that single quotes (') in cookies were\n treated as a delimiter, which could lead to an\n information leak.\n\n - CVE-2007-3385\n It was discovered that the character sequence \\' in\n cookies was handled incorrectly, which could lead to an\n information leak.\n\n - CVE-2007-5461\n It was discovered that the WebDAV servlet is vulnerable\n to absolute path traversal.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1453\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat5 packages.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.30-12etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(22, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libtomcat5-java\", reference:\"5.0.30-12etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5\", reference:\"5.0.30-12etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5-admin\", reference:\"5.0.30-12etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5-webapps\", reference:\"5.0.30-12etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:29:50", "description": "----------------------------------------------------------------------\n---------- ChangeLog :\n\n - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2\n\n - Rebuilt\n\n - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1\n\n - Update to new upstream version, which also fixes the following :\n\n - CVE-2007-5342\n\n - CVE-2007-5333\n\n - CVE-2007-5461\n\n - CVE-2007-6286\n\n - Removed patch20, now in upstream.\n\n - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2\n\n - Fix for bz #153187\n\n - Fix init script for bz #380921\n\n - Fix tomcat5.conf and spec file for bz #253605\n\n - Fix for bz #426850\n\n - Fix for bz #312561\n\n - Fix init script, per bz #247077\n\n - Fix builds on alpha, per bz #253827\n\n - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1\n\n - Updated to 5.5.25, to fix the following issues :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081\n\n - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081\n\n - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461\n\n - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358\n\n - Mon Aug 6 2007 Ben Konrath <bkonrath at redhat.com> 0:5.5.23-9jpp.4\n\n - Add jasper-eclipse subpackage which is needed for eclipse 3.3.\n\n - Inject OSGi manifest into servlet api jar and jsp api jar.\n\n - Mon Jul 23 2007 Vivek Lakshmanan <vivekl at redhat.com> 0:5.5.23-9jpp.3\n\n - Resolves: Bug 246374\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-02-14T00:00:00", "type": "nessus", "title": "Fedora 7 : tomcat5-5.5.26-1jpp.2.fc7 (2008-1467)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat5", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2008-1467.NASL", "href": "https://www.tenable.com/plugins/nessus/31062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1467.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31062);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-6286\", \"CVE-2008-0002\");\n script_bugtraq_id(27006, 27703, 27706);\n script_xref(name:\"FEDORA\", value:\"2008-1467\");\n\n script_name(english:\"Fedora 7 : tomcat5-5.5.26-1jpp.2.fc7 (2008-1467)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"----------------------------------------------------------------------\n---------- ChangeLog :\n\n - Tue Feb 12 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.26-1jpp.2\n\n - Rebuilt\n\n - Fri Feb 8 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.26-1jpp.1\n\n - Update to new upstream version, which also fixes the\n following :\n\n - CVE-2007-5342\n\n - CVE-2007-5333\n\n - CVE-2007-5461\n\n - CVE-2007-6286\n\n - Removed patch20, now in upstream.\n\n - Sat Jan 5 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.25-2jpp.2\n\n - Fix for bz #153187\n\n - Fix init script for bz #380921\n\n - Fix tomcat5.conf and spec file for bz #253605\n\n - Fix for bz #426850\n\n - Fix for bz #312561\n\n - Fix init script, per bz #247077\n\n - Fix builds on alpha, per bz #253827\n\n - Thu Nov 15 2007 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.25-1jpp.1\n\n - Updated to 5.5.25, to fix the following issues :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450, RH bugzilla #244808, #244810, #244812,\n #363081\n\n - CVE-2007-2449, RH bugzilla #244810, #244812, #244804,\n #363081\n\n - Applied patch(20) for RH bugzilla #333791,\n CVE-2007-5461\n\n - Applied patch(21) for RH bugzilla #244803, #244812,\n #363081, CVE-2007-1358\n\n - Mon Aug 6 2007 Ben Konrath <bkonrath at redhat.com>\n 0:5.5.23-9jpp.4\n\n - Add jasper-eclipse subpackage which is needed for\n eclipse 3.3.\n\n - Inject OSGi manifest into servlet api jar and jsp api\n jar.\n\n - Mon Jul 23 2007 Vivek Lakshmanan <vivekl at\n redhat.com> 0:5.5.23-9jpp.3\n\n - Resolves: Bug 246374\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=427216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=427766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432332\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007696.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed652e47\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"tomcat5-5.5.26-1jpp.2.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:29:07", "description": "- Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2\n\n - Rebuilt\n\n - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1\n\n - Update to new upstream version, which also fixes the following :\n\n - CVE-2007-5342\n\n - CVE-2007-5333\n\n - CVE-2007-5461\n\n - CVE-2007-6286\n\n - Removed patch20, now in upstream.\n\n - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2\n\n - Fix for bz #153187\n\n - Fix init script for bz #380921\n\n - Fix tomcat5.conf and spec file for bz #253605\n\n - Fix for bz #426850\n\n - Fix for bz #312561\n\n - Fix init script, per bz #247077\n\n - Fix builds on alpha, per bz #253827\n\n - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1\n\n - Updated to 5.5.25, to fix the following issues :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081\n\n - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081\n\n - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461\n\n - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-02-14T00:00:00", "type": "nessus", "title": "Fedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat5", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-1603.NASL", "href": "https://www.tenable.com/plugins/nessus/31074", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-1603.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31074);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-6286\", \"CVE-2008-0002\");\n script_bugtraq_id(27006, 27703, 27706);\n script_xref(name:\"FEDORA\", value:\"2008-1603\");\n\n script_name(english:\"Fedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Feb 12 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.26-1jpp.2\n\n - Rebuilt\n\n - Fri Feb 8 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.26-1jpp.1\n\n - Update to new upstream version, which also fixes the\n following :\n\n - CVE-2007-5342\n\n - CVE-2007-5333\n\n - CVE-2007-5461\n\n - CVE-2007-6286\n\n - Removed patch20, now in upstream.\n\n - Sat Jan 5 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.25-2jpp.2\n\n - Fix for bz #153187\n\n - Fix init script for bz #380921\n\n - Fix tomcat5.conf and spec file for bz #253605\n\n - Fix for bz #426850\n\n - Fix for bz #312561\n\n - Fix init script, per bz #247077\n\n - Fix builds on alpha, per bz #253827\n\n - Thu Nov 15 2007 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.25-1jpp.1\n\n - Updated to 5.5.25, to fix the following issues :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450, RH bugzilla #244808, #244810, #244812,\n #363081\n\n - CVE-2007-2449, RH bugzilla #244810, #244812, #244804,\n #363081\n\n - Applied patch(20) for RH bugzilla #333791,\n CVE-2007-5461\n\n - Applied patch(21) for RH bugzilla #244803, #244812,\n #363081, CVE-2007-1358\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=427216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=427766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432332\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007841.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?496d579c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-5.5.26-1jpp.2.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:41:10", "description": "- Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2\n\n - add commons-io symlink\n\n - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1\n\n - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597\n\n - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2\n\n - Rebuilt\n\n - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1\n\n - Update to new upstream version, which also fixes the following :\n\n - CVE-2007-5342\n\n - CVE-2007-5333\n\n - CVE-2007-5461\n\n - CVE-2007-6286\n\n - Removed patch20, now in upstream.\n\n - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2\n\n - Fix for bz #153187\n\n - Fix init script for bz #380921\n\n - Fix tomcat5.conf and spec file for bz #253605\n\n - Fix for bz #426850\n\n - Fix for bz #312561\n\n - Fix init script, per bz #247077\n\n - Fix builds on alpha, per bz #253827\n\n - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1\n\n - Updated to 5.5.25, to fix the following issues :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081\n\n - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081\n\n - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461\n\n - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-09-17T00:00:00", "type": "nessus", "title": "Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat5", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-8130.NASL", "href": "https://www.tenable.com/plugins/nessus/34227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8130.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34227);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_bugtraq_id(29502, 30494, 30496, 30633);\n script_xref(name:\"FEDORA\", value:\"2008-8130\");\n\n script_name(english:\"Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com>\n 0:5.5.27-0jpp.2\n\n - add commons-io symlink\n\n - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com>\n 0:5.5.27-0jpp.1\n\n - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934\n Resolves: rhbz#446393 Resolves: rhbz#457597\n\n - Tue Feb 12 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.26-1jpp.2\n\n - Rebuilt\n\n - Fri Feb 8 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.26-1jpp.1\n\n - Update to new upstream version, which also fixes the\n following :\n\n - CVE-2007-5342\n\n - CVE-2007-5333\n\n - CVE-2007-5461\n\n - CVE-2007-6286\n\n - Removed patch20, now in upstream.\n\n - Sat Jan 5 2008 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.25-2jpp.2\n\n - Fix for bz #153187\n\n - Fix init script for bz #380921\n\n - Fix tomcat5.conf and spec file for bz #253605\n\n - Fix for bz #426850\n\n - Fix for bz #312561\n\n - Fix init script, per bz #247077\n\n - Fix builds on alpha, per bz #253827\n\n - Thu Nov 15 2007 Devrim GUNDUZ <devrim at\n commandprompt.com> 0:5.5.25-1jpp.1\n\n - Updated to 5.5.25, to fix the following issues :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450, RH bugzilla #244808, #244810, #244812,\n #363081\n\n - CVE-2007-2449, RH bugzilla #244810, #244812, #244804,\n #363081\n\n - Applied patch(20) for RH bugzilla #333791,\n CVE-2007-5461\n\n - Applied patch(21) for RH bugzilla #244803, #244812,\n #363081, CVE-2007-1358\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=446393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=456120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457934\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014420.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09205e05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"tomcat5-5.5.27-0jpp.2.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:28:12", "description": "Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3382 It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak.\n\n - CVE-2007-3385 It was discovered that the character sequence \\' in cookies was handled incorrectly, which could lead to an information leak.\n\n - CVE-2007-3386 It was discovered that the host manager servlet performed insufficient input validation, which could lead to a cross-site scripting attack.\n\n - CVE-2007-5342 It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites.\n\n - CVE-2007-5461 It was discovered that the WebDAV servlet is vulnerable to absolute path traversal.", "cvss3": {}, "published": "2008-01-07T00:00:00", "type": "nessus", "title": "Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5342", "CVE-2007-5461"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat5.5", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1447.NASL", "href": "https://www.tenable.com/plugins/nessus/29856", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1447. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29856);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5342\", \"CVE-2007-5461\");\n script_xref(name:\"DSA\", value:\"1447\");\n\n script_name(english:\"Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2007-3382\n It was discovered that single quotes (') in cookies were\n treated as a delimiter, which could lead to an\n information leak.\n\n - CVE-2007-3385\n It was discovered that the character sequence \\' in\n cookies was handled incorrectly, which could lead to an\n information leak.\n\n - CVE-2007-3386\n It was discovered that the host manager servlet\n performed insufficient input validation, which could\n lead to a cross-site scripting attack.\n\n - CVE-2007-5342\n It was discovered that the JULI logging component did\n not restrict its target path, resulting in potential\n denial of service through file overwrites.\n\n - CVE-2007-5461\n It was discovered that the WebDAV servlet is vulnerable\n to absolute path traversal.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1447\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat5.5 packages.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.5.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.5.20-2etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(22, 79, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libtomcat5.5-java\", reference:\"5.5.20-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5\", reference:\"5.5.20-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5-admin\", reference:\"5.5.20-2etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5-webapps\", reference:\"5.5.20-2etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T15:10:52", "description": "According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities :\n\n - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '%5C' in cookie values.\n (CVE-2007-3385, CVE-2007-5333)\n\n - The default security policy in the JULI logging component did not restrict access permissions to files.\n This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\n - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via the WebDAV servlet.\n Certain WebDAV requests, containing an entity with a SYSTEM tag can result in the disclosure of arbitrary file contents. (CVE-2007-5461)\n\n - When the native APR connector is used, it does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests, as demonstrated by using netcat to send the empty request.\n (CVE-2007-6286)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2010-07-01T00:00:00", "type": "nessus", "title": "Apache Tomcat < 5.5.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_5_5_26.NASL", "href": "https://www.tenable.com/plugins/nessus/47576", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47576);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2007-5333\",\n \"CVE-2007-5342\",\n \"CVE-2007-5461\",\n \"CVE-2007-6286\"\n );\n script_bugtraq_id(\n 26070,\n 27006,\n 27706,\n 49470\n );\n script_xref(name:\"SECUNIA\", value:\"27398\");\n script_xref(name:\"SECUNIA\", value:\"28274\");\n script_xref(name:\"SECUNIA\", value:\"28878\");\n\n script_name(english:\"Apache Tomcat < 5.5.26 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat listening on the remote host is prior to 5.5.26. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via cookies. The previous\n fix for CVE-2007-3385 was incomplete and did not account\n for the use of quotes or '%5C' in cookie values.\n (CVE-2007-3385, CVE-2007-5333)\n\n - The default security policy in the JULI logging\n component did not restrict access permissions to files.\n This could be misused by untrusted web applications to\n access and write arbitrary files in the context of the\n tomcat process. (CVE-2007-5342)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via the WebDAV servlet.\n Certain WebDAV requests, containing an entity with a\n SYSTEM tag can result in the disclosure of arbitrary\n file contents. (CVE-2007-5461)\n\n - When the native APR connector is used, it does not\n properly handle an empty request to the SSL port, which\n allows remote attackers to trigger handling of a\n duplicate copy of one of the recent requests, as\n demonstrated by using netcat to send the empty request.\n (CVE-2007-6286)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 5.5.26 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-5333\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 200, 264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"5.5.26\", min:\"5.5.0\", severity:SECURITY_WARNING, granularity_regex:\"^5(\\.5)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:29:40", "description": "Updated tomcat packages that fix two security issues and a packaging bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages (JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be installed on a production system.\n\nThe Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2007-07-18T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat (RHSA-2007:0569)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2449", "CVE-2007-2450"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2007-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/25724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0569. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25724);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-2450\");\n script_bugtraq_id(24475, 24476);\n script_xref(name:\"RHSA\", value:\"2007:0569\");\n\n script_name(english:\"RHEL 5 : tomcat (RHSA-2007:0569)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0569\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0569\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:29:36", "description": "Updated tomcat packages that fix two security issues and a packaging bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages (JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be installed on a production system.\n\nThe Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2007-07-27T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat (CESA-2007:0569)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2449", "CVE-2007-2450"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2007-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/25777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0569 and \n# CentOS Errata and Security Advisory 2007:0569 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25777);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-2450\");\n script_bugtraq_id(24475, 24476);\n script_xref(name:\"RHSA\", value:\"2007:0569\");\n\n script_name(english:\"CentOS 5 : tomcat (CESA-2007:0569)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-July/014067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e099de5b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-July/014068.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8de0b974\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:49:44", "description": "From Red Hat Security Advisory 2007:0569 :\n\nUpdated tomcat packages that fix two security issues and a packaging bug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages (JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be installed on a production system.\n\nThe Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat (ELSA-2007-0569)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2449", "CVE-2007-2450"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2007-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/67536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0569 and \n# Oracle Linux Security Advisory ELSA-2007-0569 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67536);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-2450\");\n script_bugtraq_id(24475, 24476);\n script_xref(name:\"RHSA\", value:\"2007:0569\");\n\n script_name(english:\"Oracle Linux 5 : tomcat (ELSA-2007-0569)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0569 :\n\nUpdated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-July/000269.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:35:51", "description": "The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.4. \n\nMac OS X 10.5.4 contains security fixes for multiple components.", "cvss3": {}, "published": "2008-07-01T00:00:00", "type": "nessus", "title": "Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-6276", "CVE-2008-0960", "CVE-2008-1105", "CVE-2008-1145", "CVE-2008-2307", "CVE-2008-2308", "CVE-2008-2309", "CVE-2008-2310", "CVE-2008-2311", "CVE-2008-2313", "CVE-2008-2314", "CVE-2008-2662", "CVE-2008-2663", "CVE-2008-2664", "CVE-2008-2725", "CVE-2008-2726"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_5_4.NASL", "href": "https://www.tenable.com/plugins/nessus/33281", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif ( NASL_LEVEL < 3004 ) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33281);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-3164\", \"CVE-2007-1355\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\",\n \"CVE-2007-3383\", \"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2007-5461\", \"CVE-2007-6276\",\n \"CVE-2008-0960\", \"CVE-2008-1105\", \"CVE-2008-1145\", \"CVE-2008-2307\", \"CVE-2008-2308\",\n \"CVE-2008-2309\", \"CVE-2008-2310\", \"CVE-2008-2311\", \"CVE-2008-2313\", \"CVE-2008-2314\",\n \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(15003, 24058, 24475, 24476, 24999, 25316, 26070, 26699, 27706,\n 28123, 29404, 29623, 29836, 30018);\n script_xref(name:\"Secunia\", value:\"30802\");\n\n script_name(english:\"Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5.x that is prior\nto 10.5.4. \n\nMac OS X 10.5.4 contains security fixes for multiple components.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT2163\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/Jun/msg00002.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.5.4 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 59, 79, 119, 134, 189, 200, 264, 287, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/07/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/06/30\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) os = get_kb_item(\"Host/OS\");\nif (!os) exit(0);\n\nif (ereg(pattern:\"Mac OS X 10\\.5\\.[0-3]([^0-9]|$)\", string:os)) security_hole(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:36:22", "description": "The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-004 applied. \n\nThis update contains security fixes for a number of programs.", "cvss3": {}, "published": "2008-07-01T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2008-004)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-6276", "CVE-2008-0960", "CVE-2008-1105", "CVE-2008-1145", "CVE-2008-2307", "CVE-2008-2308", "CVE-2008-2309", "CVE-2008-2310", "CVE-2008-2311", "CVE-2008-2313", "CVE-2008-2314", "CVE-2008-2662", "CVE-2008-2663", "CVE-2008-2664", "CVE-2008-2725", "CVE-2008-2726"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2008-004.NASL", "href": "https://www.tenable.com/plugins/nessus/33282", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif ( NASL_LEVEL < 3004 ) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33282);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-3164\", \"CVE-2007-1355\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\",\n \"CVE-2007-3383\", \"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2007-5461\", \"CVE-2007-6276\",\n \"CVE-2008-0960\", \"CVE-2008-1105\", \"CVE-2008-1145\", \"CVE-2008-2307\", \"CVE-2008-2308\",\n \"CVE-2008-2309\", \"CVE-2008-2310\", \"CVE-2008-2311\", \"CVE-2008-2313\", \"CVE-2008-2314\",\n \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(15003, 24058, 24475, 24476, 24999, 25316, 26070, 26699, 27706, 28123, 29404, 29623, 29836, 30018);\n script_xref(name:\"Secunia\", value:\"30802\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2008-004)\");\n script_summary(english:\"Check for the presence of Security Update 2008-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 that does not\nhave the security update 2008-004 applied. \n\nThis update contains security fixes for a number of programs.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT2163\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/Jun/msg00002.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2008-004 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 59, 79, 119, 134, 189, 200, 264, 287, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/07/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2008/06/30\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n#\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0);\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2008-00[4-8]|2009-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:22:54", "description": "The remote host is running a version of Mac OS X 10.5 that is older than version 10.5.4. Mac OS X 10.5.4 contains security fixes for a number of programs.", "cvss3": {}, "published": "2004-08-18T00:00:00", "type": "nessus", "title": "Mac OS X < 10.5.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-6276", "CVE-2008-0960", "CVE-2008-1105", "CVE-2008-1145", "CVE-2008-2307", "CVE-2008-2308", "CVE-2008-2309", "CVE-2008-2310", "CVE-2008-2311", "CVE-2008-2313", "CVE-2008-2314", "CVE-2008-2662", "CVE-2008-2663", "CVE-2008-2664", "CVE-2008-2725", "CVE-2008-2726"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "4564.PRM", "href": "https://www.tenable.com/plugins/nnm/4564", "sourceData": "Binary data 4564.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:12:31", "description": "According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.16. It is, therefore, affected by multiple vulnerabilities :\n\n - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '%5C' in cookie values.\n (CVE-2007-3385, CVE-2007-5333)\n\n - The default security policy in the JULI logging component did not restrict access permissions to files.\n This could be misused by untrusted web applications to access and write arbitrary files in the context of the Tomcat process. (CVE-2007-5342)\n\n - A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote, authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461)\n\n - When the native APR connector is used, it does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests, as demonstrated by using netcat to send the empty request.\n (CVE-2007-6286)\n\n - If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request. (CVE-2008-0002)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2010-07-01T00:00:00", "type": "nessus", "title": "Apache Tomcat < 6.0.16 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_16.NASL", "href": "https://www.tenable.com/plugins/nessus/47577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47577);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2007-5333\",\n \"CVE-2007-5342\",\n \"CVE-2007-5461\",\n \"CVE-2007-6286\",\n \"CVE-2008-0002\"\n );\n script_bugtraq_id(\n 26070,\n 27006,\n 27706,\n 49470\n );\n script_xref(name:\"SECUNIA\", value:\"27398\");\n script_xref(name:\"SECUNIA\", value:\"28274\");\n script_xref(name:\"SECUNIA\", value:\"28878\");\n script_xref(name:\"SECUNIA\", value:\"28834\");\n\n script_name(english:\"Apache Tomcat < 6.0.16 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat listening on the remote host is prior to 6.0.16. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack via cookies. The previous\n fix for CVE-2007-3385 was incomplete and did not account\n for the use of quotes or '%5C' in cookie values.\n (CVE-2007-3385, CVE-2007-5333)\n\n - The default security policy in the JULI logging\n component did not restrict access permissions to files.\n This could be misused by untrusted web applications to\n access and write arbitrary files in the context of the\n Tomcat process. (CVE-2007-5342)\n\n - A directory traversal vulnerability existed in the\n Apache Tomcat webdav servlet. In some configurations\n it allowed remote, authenticated users to read files\n accessible to the local tomcat process. (CVE-2007-5461)\n\n - When the native APR connector is used, it does not\n properly handle an empty request to the SSL port, which\n allows remote attackers to trigger handling of a\n duplicate copy of one of the recent requests, as\n demonstrated by using netcat to send the empty request.\n (CVE-2007-6286)\n\n - If the processing or parameters is interrupted, i.e. by\n an exception, then it is possible for the parameters to\n be processed as part of later request. (CVE-2008-0002)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.16\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.16 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-5333\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 200, 264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.16\", min:\"6.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:28:14", "description": "According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.16. It is, therefore, affected by multiple vulnerabilities :\n\n- The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '%5C' in cookie values. (CVE-2007-3385, CVE-2007-5333)\n - The default security policy in the JULI logging component did not restrict access permissions to files.\nThis could be misused by untrusted web applications to access and write arbitrary files in the context of the Tomcat process. (CVE-2007-5342)\n\n - A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote, authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461)\n\n - When the native APR connector is used, it does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests, as demonstrated by using netcat to send the empty request. (CVE-2007-6286)\n\n - If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request. (CVE-2008-0002)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2008-02-08T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.16 Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "4368.PASL", "href": "https://www.tenable.com/plugins/nnm/4368", "sourceData": "Binary data 4368.pasl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:48:15", "description": "From Red Hat Security Advisory 2007:0871 :\n\nUpdated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages technologies.\n\nTomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character sequence in a cookie: \\' (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat (ELSA-2007-0871)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2007-0871.NASL", "href": "https://www.tenable.com/plugins/nessus/67564", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0871 and \n# Oracle Linux Security Advisory ELSA-2007-0871 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67564);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_bugtraq_id(25316);\n script_xref(name:\"RHSA\", value:\"2007:0871\");\n\n script_name(english:\"Oracle Linux 5 : tomcat (ELSA-2007-0871)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0871 :\n\nUpdated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-September/000337.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:56:39", "description": "Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages technologies.\n\nTomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character sequence in a cookie: \\' (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat (CESA-2007:0871)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2007-0871.NASL", "href": "https://www.tenable.com/plugins/nessus/43651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0871 and \n# CentOS Errata and Security Advisory 2007:0871 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43651);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_bugtraq_id(25316);\n script_xref(name:\"RHSA\", value:\"2007:0871\");\n\n script_name(english:\"CentOS 5 : tomcat (CESA-2007:0871)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014257.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ffe1d9a4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-September/014258.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf8e66f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:30:33", "description": "Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages technologies.\n\nTomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character sequence in a cookie: \\' (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.", "cvss3": {}, "published": "2007-09-26T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat (RHSA-2007:0871)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2007-0871.NASL", "href": "https://www.tenable.com/plugins/nessus/26190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0871. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26190);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_bugtraq_id(25316);\n script_xref(name:\"RHSA\", value:\"2007:0871\");\n\n script_name(english:\"RHEL 5 : tomcat (RHSA-2007:0871)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and Java Server Pages\ntechnologies.\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\nServlet. This allowed remote attackers to inject arbitrary HTML and\nweb script via crafted requests (CVE-2007-3386).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0871\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0871\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.2.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:29:55", "description": "The remote host is running the Apache Tomcat server. This version of Tomcat is vulnerable to two distinct classes of flaws. First, the application is vulnerable to a Cross-Site Scripting flaw in the 'aliases' parameter of the '/host-manager/html/add' script. Second, the application is vulnerable to a number of flaws that would reveal sensitive information. An attacker exploiting these flaws would be able to either execute code within client browsers or gain information that would be useful for further attacks against Tomcat. ", "cvss3": {}, "published": "2007-08-14T00:00:00", "type": "nessus", "title": "Apache Tomcat < 5.5.25 / 6.0.x < 6.0.14 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "4167.PRM", "href": "https://www.tenable.com/plugins/nnm/4167", "sourceData": "Binary data 4167.prm", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:10:34", "description": "Websphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0184", "CVE-2007-0185", "CVE-2007-2377", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5613", "CVE-2007-5615", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_WEBSPHERE-AS_CE-5850.NASL", "href": "https://www.tenable.com/plugins/nessus/41596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41596);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0184\", \"CVE-2007-0185\", \"CVE-2007-2377\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-5613\", \"CVE-2007-5615\", \"CVE-2007-6286\", \"CVE-2008-0002\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n\n script_name(english:\"SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Websphere has been updated to version 2.1.0.1 to fix several security\nvulnerabilities in the included subprojects, such as Apache Geronimo\nand Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 /\nCVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 /\nCVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 /\nCVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 /\nCVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0184.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0185.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2377.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2449.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3382.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3385.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3386.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5333.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5342.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5461.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5613.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5615.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1232.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1947.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2370.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2938.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5850.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79, 94, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"websphere-as_ce-2.1.0.1-3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:30:40", "description": "The remote web server includes an example JSP application that fails to sanitize user-supplied input before using it to generate dynamic content in the 'examples/SendMailServlet' servlet. An unauthenticated remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.", "cvss3": {}, "published": "2007-09-06T00:00:00", "type": "nessus", "title": "Apache Tomcat SendMailServlet sendmail.jsp 'mailfrom' Parameter XSS", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3383"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_SAMPLE_SENDMAIL_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/25995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25995);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2007-3383\");\n script_bugtraq_id(24999);\n\n script_name(english:\"Apache Tomcat SendMailServlet sendmail.jsp 'mailfrom' Parameter XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a JSP application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server includes an example JSP application that fails\nto sanitize user-supplied input before using it to generate dynamic\ncontent in the 'examples/SendMailServlet' servlet. An unauthenticated\nremote attacker can exploit this issue to inject arbitrary HTML or\nscript code into a user's browser to be executed within the security\ncontext of the affected site.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2007/Jul/448\");\n script_set_attribute(attribute:\"solution\", value:\n\"Undeploy the Tomcat examples web application.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache Tomcat\", exit_if_zero:TRUE);\nport = get_http_port(default:8080);\ninstall = get_single_install(app_name:\"Apache Tomcat\", port:port);\n\nget_kb_item_or_exit(\"www/\"+port+\"/generic_xss\");\n\n# Make sure the affected script exists.\nurl = \"/examples/SendMailServlet\";\nw = http_send_recv3(method:\"GET\", item:url, port:port);\nif (isnull(w)) exit(1, \"the web server did not answer\");\nres = w[2];\n\n\n# If it does...\nif (\"HTTP Status 405 - HTTP method GET is not supported\" >< res)\n{\n # Send a request to exploit the flaw.\n xss = raw_string(\"<script>alert(\", SCRIPT_NAME, \")</script>\");\n postdata = string(\n \"mailfrom=\", urlencode(str:xss), \"&\",\n \"mailto=&\",\n \"mailsubject=&\",\n \"mailcontent=\"\n );\n w = http_send_recv3(method: \"POST\", item: url, port: port,\n content_type: \"application/x-www-form-urlencoded\",\n data: postdata);\n if (isnull(w)) exit(1, \"the web server did not answer\");\n res = w[2];\n\n # There's a problem if our exploit appears in the exception message.\n if (string(\"Extra route-addr in string ``\", xss, \"'' at\") >< res)\n {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:33:42", "description": "The remote host is affected by the vulnerability described in GLSA-200804-10 (Tomcat: Multiple vulnerabilities)\n\n The following vulnerabilities were reported:\n Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or overwrite files (CVE-2007-5342).\n When the native APR connector is used, Tomcat does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests (CVE-2007-6286).\n If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request (CVE-2008-0002).\n An absolute path traversal vulnerability exists due to the way that WebDAV write requests are handled (CVE-2007-5461).\n Tomcat does not properly handle double quote (') characters or %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks (CVE-2007-5333).\n Impact :\n\n These vulnerabilities can be exploited by:\n a malicious web application to add or overwrite files with the permissions of the user running Tomcat.\n a remote attacker to conduct session hijacking or disclose sensitive data.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2008-04-17T00:00:00", "type": "nessus", "title": "GLSA-200804-10 : Tomcat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tomcat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200804-10.NASL", "href": "https://www.tenable.com/plugins/nessus/31957", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-10.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31957);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-6286\", \"CVE-2008-0002\");\n script_xref(name:\"GLSA\", value:\"200804-10\");\n\n script_name(english:\"GLSA-200804-10 : Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-10\n(Tomcat: Multiple vulnerabilities)\n\n The following vulnerabilities were reported:\n Delian Krustev discovered that the JULI logging component does not\n properly enforce access restrictions, allowing web application to add\n or overwrite files (CVE-2007-5342).\n When the native APR connector is used, Tomcat does not properly handle\n an empty request to the SSL port, which allows remote attackers to\n trigger handling of a duplicate copy of one of the recent requests\n (CVE-2007-6286).\n If the processing or parameters is interrupted, i.e. by an exception,\n then it is possible for the parameters to be processed as part of later\n request (CVE-2008-0002).\n An absolute path traversal vulnerability exists due to the way that\n WebDAV write requests are handled (CVE-2007-5461).\n Tomcat does not properly handle double quote (') characters or %5C\n (encoded backslash) sequences in a cookie value, which might cause\n sensitive information such as session IDs to be leaked to remote\n attackers and enable session hijacking attacks\n (CVE-2007-5333).\n \nImpact :\n\n These vulnerabilities can be exploited by:\n a malicious web application to add or overwrite files with the\n permissions of the user running Tomcat.\n a remote attacker to conduct session hijacking or disclose sensitive\n data.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Tomcat 5.5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-5.5.26'\n All Tomcat 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.16'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"rge 5.5.26\", \"ge 6.0.16\", \"rge 5.5.27\"), vulnerable:make_list(\"lt 6.0.16\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Tomcat\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:28:28", "description": "Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be installed on a production system.\n\nThe Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).\n\nTomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090)\n\nTomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content.\n(CVE-2007-0450)\n\nThe implict-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2090", "CVE-2006-7195", "CVE-2007-0450", "CVE-2007-2449", "CVE-2007-2450"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20070717_TOMCAT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60227);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2090\", \"CVE-2006-7195\", \"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nTomcat was found to accept multiple content-length headers in a\nrequest. This could allow attackers to poison a web-cache, bypass web\napplication firewall protection, or conduct cross-site scripting\nattacks. (CVE-2005-2090)\n\nTomcat permitted various characters as path delimiters. If Tomcat was\nused behind certain proxies and configured to only proxy some\ncontexts, an attacker could construct an HTTP request to work around\nthe context restriction and potentially access non-proxied content.\n(CVE-2007-0450)\n\nThe implict-objects.jsp file distributed in the examples webapp\ndisplayed a number of unfiltered header values. If the JSP examples\nwere accessible, this flaw could allow a remote attacker to perform\ncross-site scripting attacks. (CVE-2006-7195)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0709&L=scientific-linux-errata&T=0&P=1147\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fed9dabd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"jakarta-commons-modeler-1.1-8jpp.1.0.2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"jakarta-commons-modeler-javadoc-1.1-8jpp.1.0.2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:28:24", "description": "The remote web server includes an example JSP application that fails to sanitize user-supplied input before using it to generate dynamic content in an error page. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.", "cvss3": {}, "published": "2007-05-21T00:00:00", "type": "nessus", "title": "Tomcat Sample App hello.jsp 'test' Parameter XSS", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_SAMPLE_HELLO_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/25289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25289);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2007-1355\");\n script_bugtraq_id(24058);\n\n script_name(english:\"Tomcat Sample App hello.jsp 'test' Parameter XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a JSP application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server includes an example JSP application that fails\nto sanitize user-supplied input before using it to generate dynamic\ncontent in an error page. An unauthenticated, remote attacker can\nexploit this issue to inject arbitrary HTML or script code into a\nuser's browser to be executed within the security context of the\naffected site.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/469067/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Undeploy the Tomcat documentation web application.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache Tomcat\", exit_if_zero:TRUE);\nport = get_http_port(default:8080);\ninstall = get_single_install(app_name:\"Apache Tomcat\", port:port);\n\nget_kb_item_or_exit(\"www/\"+port+\"/generic_xss\");\n\n# Send a request to exploit the flaw.\nxss = raw_string(\"<script>alert(\", SCRIPT_NAME, \")</script>\");\nexploit = string(\"test=\", xss);\n\nurl = string(\"/tomcat-docs/appdev/sample/web/hello.jsp?\", exploit);\nw = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\nres = w[2];\n\nif (\n \"<title>Sample Application JSP Page</title>\" >< res &&\n \">Query String:<\" >< res\n)\n{\n # There's a problem if our exploit appears in the query string; eg,\n # <tr>\n # <th align=\"right\">Query String:</th>\n # <td align=\"left\">nessus=<script>alert(tomcat_sample_hello_xss.nasl)</script></td>\n # </tr>\n qstr = strstr(res, \">Query String:<\");\n qstr = qstr - strstr(qstr, \"</tr>\");\n qstr = strstr(qstr, \"<td\");\n qstr = qstr - strstr(qstr, \"</td>\");\n # nb: qstr includes some extra markup.\n if (string(\">\", exploit) >< qstr)\n {\n if (report_verbosity > 0)\n {\n report = \n '\\n' + 'Nessus was able to exploit the issue using the following URL :' +\n '\\n' +\n '\\n ' + build_url(port:port, qs:url) + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:29:33", "description": "The Apache Project reports :\n\nThe JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the output.", "cvss3": {}, "published": "2007-07-27T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- XSS vulnerability in sample applications (ab2575d6-39f0-11dc-b8cc-000fea449b8a)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache-tomcat", "p-cpe:/a:freebsd:freebsd:jakarta-tomcat", "p-cpe:/a:freebsd:freebsd:tomcat", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_AB2575D639F011DCB8CC000FEA449B8A.NASL", "href": "https://www.tenable.com/plugins/nessus/25785", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25785);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1355\");\n script_bugtraq_id(24058);\n\n script_name(english:\"FreeBSD : tomcat -- XSS vulnerability in sample applications (ab2575d6-39f0-11dc-b8cc-000fea449b8a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache Project reports :\n\nThe JSP and Servlet included in the sample application within the\nTomcat documentation webapp did not escape user provided data before\nincluding it in the output. This enabled a XSS attack. These pages\nhave been simplified not to use any user provided data in the output.\"\n );\n # https://vuxml.freebsd.org/freebsd/ab2575d6-39f0-11dc-b8cc-000fea449b8a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd0bd9e6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache-tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:jakarta-tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache-tomcat>6.0.0<6.0.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>5.0.0<5.5.24\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"jakarta-tomcat>5.0.0<5.5.24\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:30:47", "description": "The remote host is running a version of Tomcat server less than 6.0.15. This version of Tomcat is vulnerable to a flaw in the way that it parses WEBDAV 'lock' requests. Specifically, if the lock request references an external file, Tomcat will retrieve the file. This could lead to information disclosure of potentially confidential data. An attacker exploiting this flaw would need to have the ability to authenticate to the Tomcat server. ", "cvss3": {}, "published": "2007-10-15T00:00:00", "type": "nessus", "title": "Apache Tomcat < 6.0.15 WEBDAV Lock Request Information Disclosure (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5461"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "4245.PRM", "href": "https://www.tenable.com/plugins/nnm/4245", "sourceData": "Binary data 4245.prm", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:32:55", "description": "Fixed various issues in tomcat :\n\n - CVE-2007-3382: Handling of cookies containing a ' character\n\n - CVE-2007-3385: Handling of \\' in cookies\n\n - CVE-2007-5641: tomcat path traversal / information leak\n\n - CVE-2007-1860: directory traversal\n\n - CVE-2007-3386: tomcat XSS \n\n - CVE-2007-5342: insufficient access restrictions\n\nAdditionally the dbcp namespace in commons-dbcp.jar was fixed.", "cvss3": {}, "published": "2008-03-04T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4997)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1860", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5342", "CVE-2007-5641"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_jk", "p-cpe:/a:novell:opensuse:tomcat55", "p-cpe:/a:novell:opensuse:tomcat55-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat55-common-lib", "p-cpe:/a:novell:opensuse:tomcat55-jasper", "p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api", "p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-server-lib", "p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api", "p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-webapps", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_APACHE2-MOD_JK-4997.NASL", "href": "https://www.tenable.com/plugins/nessus/31338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_jk-4997.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31338);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5342\", \"CVE-2007-5641\");\n\n script_name(english:\"openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4997)\");\n script_summary(english:\"Check for the apache2-mod_jk-4997 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixed various issues in tomcat :\n\n - CVE-2007-3382: Handling of cookies containing a '\n character\n\n - CVE-2007-3385: Handling of \\' in cookies\n\n - CVE-2007-5641: tomcat path traversal / information leak\n\n - CVE-2007-1860: directory traversal\n\n - CVE-2007-3386: tomcat XSS \n\n - CVE-2007-5342: insufficient access restrictions\n\nAdditionally the dbcp namespace in commons-dbcp.jar was fixed.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_jk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 79, 94, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_jk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-mod_jk-1.2.21-59.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-admin-webapps-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-common-lib-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jasper-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jasper-javadoc-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jsp-2_0-api-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jsp-2_0-api-javadoc-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-server-lib-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-servlet-2_4-api-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-servlet-2_4-api-javadoc-5.5.23-113.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-webapps-5.5.23-113.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_jk / tomcat55 / tomcat55-admin-webapps / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:08:19", "description": "Fixed various issues in tomcat :\n\n - mod_jk directory traversal. (CVE-2007-1860)\n\n - Handling of cookies containing a ' character.\n (CVE-2007-3382)\n\n - Handling of a double-quote character in cookies.\n (CVE-2007-3385)\n\n - tomcat path traversal / information leak.\n (CVE-2007-5641)\n\n - tomcat HTTP Request Smuggling. (CVE-2005-2090)\n\n - tomcat https information disclosure. (CVE-2008-0128)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12078)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2090", "CVE-2007-1860", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-5641", "CVE-2008-0128"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12078.NASL", "href": "https://www.tenable.com/plugins/nessus/41198", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41198);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2090\", \"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5641\", \"CVE-2008-0128\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixed various issues in tomcat :\n\n - mod_jk directory traversal. (CVE-2007-1860)\n\n - Handling of cookies containing a ' character.\n (CVE-2007-3382)\n\n - Handling of a double-quote character in cookies.\n (CVE-2007-3385)\n\n - tomcat path traversal / information leak.\n (CVE-2007-5641)\n\n - tomcat HTTP Request Smuggling. (CVE-2005-2090)\n\n - tomcat https information disclosure. (CVE-2008-0128)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2005-2090.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1860.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3382.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3385.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5641.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0128.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12078.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 94, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:08", "description": "The remote Apache Tomcat web server includes an example JSP application, 'snoop.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.", "cvss3": {}, "published": "2007-06-18T00:00:00", "type": "nessus", "title": "Apache Tomcat snoop.jsp URI XSS", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2449"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_SNOOP_URI_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/25525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25525);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2007-2449\");\n script_bugtraq_id(24476);\n\n script_name(english:\"Apache Tomcat snoop.jsp URI XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat web server contains a JSP application that is\naffected by a cross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Apache Tomcat web server includes an example JSP\napplication, 'snoop.jsp', that fails to sanitize user-supplied input\nbefore using it to generate dynamic content. An unauthenticated,\nremote attacker can exploit this issue to inject arbitrary HTML or\nscript code into a user's browser to be executed within the security\ncontext of the affected site.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jun/182\");\n script_set_attribute(attribute:\"solution\", value:\n\"Undeploy the Tomcat examples web application.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache Tomcat\", exit_if_zero:TRUE);\nport = get_http_port(default:8080);\ninstall = get_single_install(app_name:\"Apache Tomcat\", port:port);\n\nget_kb_item_or_exit(\"www/\"+port+\"/generic_xss\");\n\n# Send a request to exploit the flaw.\nxss = raw_string(\"<script>alert('\", SCRIPT_NAME, \"')</script>\");\nexploit = string(\";\", xss, \"test.jsp\");\nforeach dir (make_list(\"/examples/jsp\", \"/jsp-examples\"))\n{\n if (\"/examples/jsp\" == dir)\n {\n w = http_send_recv3(\n method:\"GET\", \n item:string(dir, \"/snp/snoop.jsp\"), \n port:port, \n add_headers: make_array(\"Host\", xss),\n exit_on_fail:TRUE\n );\n }\n else\n {\n w = http_send_recv3(\n method: \"GET\", \n item:string(dir, \"/snp/snoop.jsp\", exploit), \n port:port, \n exit_on_fail:TRUE\n );\n }\n res = w[2];\n\n # There's a problem if our exploit appears in the request URI.\n if (\n (\"/examples/jsp\" == dir && string(\"Server name: \", xss) >< res) ||\n (string(\"Request URI: /jsp-examples/snp/snoop.jsp\", exploit) >< res)\n ) \n {\n if (report_verbosity > 0)\n {\n report = \n '\\n' + 'Nessus was able to exploit the issue using the following HTTP request :' +\n '\\n' +\n '\\n' + crap(data:\"-\", length:30) + \" snip \" + crap(data:\"-\", length:30) + \n '\\n' + chomp(http_last_sent_request()) +\n '\\n' + crap(data:\"-\", length:30) + \" snip \" + crap(data:\"-\", length:30) + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n exit(0);\n }\n}\naudit(AUDIT_LISTEN_NOT_VULN, \"Apache Tomcat\", port, install[\"version\"]);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:53:13", "description": "Apache Tomcat does not properly handle certain characters in a cookie value, which could possibly lead to the leak of sensitive information such as session IDs (CVE-2007-5333).\n\nThe updated packages have been patched to prevent this issue.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:018)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5333"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2008.1"], "id": "MANDRIVA_MDVSA-2009-018.NASL", "href": "https://www.tenable.com/plugins/nessus/36308", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:018. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36308);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5333\");\n script_bugtraq_id(27706);\n script_xref(name:\"MDVSA\", value:\"2009:018\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:018)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat does not properly handle certain characters in a cookie\nvalue, which could possibly lead to the leak of sensitive information\nsuch as session IDs (CVE-2007-5333).\n\nThe updated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-admin-webapps-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-common-lib-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-jasper-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-jasper-eclipse-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-jasper-javadoc-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-jsp-2.0-api-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-server-lib-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-servlet-2.4-api-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tomcat5-webapps-5.5.25-1.2.1.2mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:58:03", "description": "Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nDuring an internal security audit, it was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this flaw to obtain limited information about Satellite Server users, such as login names, associated email addresses, internal user IDs, and partial information about entitlements. (CVE-2008-2369)\n\nThis release also corrects several security vulnerabilities in various components shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments.\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306)\n\nA flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Apache Tomcat package.\n(CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.", "cvss3": {}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 : Satellite Server (RHSA-2008:0630)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-5461", "CVE-2007-6306", "CVE-2008-0128", "CVE-2008-2369"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jfreechart", "p-cpe:/a:redhat:enterprise_linux:mod_perl", "p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC", "p-cpe:/a:redhat:enterprise_linux:rhn-html", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0630.NASL", "href": "https://www.tenable.com/plugins/nessus/43840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0630. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43840);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-4838\", \"CVE-2006-0254\", \"CVE-2006-0898\", \"CVE-2007-1349\", \"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-2449\", \"CVE-2007-5461\", \"CVE-2007-6306\", \"CVE-2008-0128\", \"CVE-2008-2369\");\n script_bugtraq_id(23192, 24476, 26070, 26752, 27365);\n script_xref(name:\"RHSA\", value:\"2008:0630\");\n\n script_name(english:\"RHEL 4 : Satellite Server (RHSA-2008:0630)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server components.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nDuring an internal security audit, it was discovered that Red Hat\nNetwork Satellite Server shipped with an XML-RPC script, manzier.pxt,\nwhich had a single hard-coded authentication key. A remote attacker\nwho is able to connect to the Satellite Server XML-RPC service could\nuse this flaw to obtain limited information about Satellite Server\nusers, such as login names, associated email addresses, internal user\nIDs, and partial information about entitlements. (CVE-2008-2369)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of Red Hat Network Satellite Server 5.1. In\na typical operating environment, these components are not exposed to\nusers of Satellite Server in a vulnerable manner. These security\nupdates will reduce risk in unique Satellite Server environments.\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple cross-site scripting flaws were fixed in the image map\nfeature in the JFreeChart package. (CVE-2007-6306)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Apache Tomcat package.\n(CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358,\nCVE-2007-2449, CVE-2007-5461, CVE-2008-0128)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade\nto 5.1.1, which resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-4838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0630\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 22, 79, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jfreechart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0630\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"rhns-app-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"jfreechart-0.9.20-3.rhn\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_perl-2.0.2-12.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"perl-Crypt-CBC-2.24-1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rhn-html-5.1.1-7\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-5.0.30-0jpp_10rh\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jfreechart / mod_perl / perl-Crypt-CBC / rhn-html / tomcat5\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:28:59", "description": "- Cross-site scripting (XSS) vulnerability in example JSP applications. (CVE-2006-7196)\n\n - Handling of cookies containing a ' character.\n (CVE-2007-3382)\n\n - Handling of \\' in cookies. (CVE-2007-3385)\n\n - tomcat path traversal / information leak.\n (CVE-2007-5641)\n\n - directory traversal. (CVE-2007-1860)\n\n - tomcat https information disclosure. (CVE-2008-0128)\n\n - tomcat HTTP Request Smuggling. (CVE-2005-2090)", "cvss3": {}, "published": "2008-02-27T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2090", "CVE-2006-7196", "CVE-2007-1860", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-5641", "CVE-2008-0128"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-4990.NASL", "href": "https://www.tenable.com/plugins/nessus/31298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31298);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2090\", \"CVE-2006-7196\", \"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5641\", \"CVE-2008-0128\");\n\n script_name(english:\"SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Cross-site scripting (XSS) vulnerability in example JSP\n applications. (CVE-2006-7196)\n\n - Handling of cookies containing a ' character.\n (CVE-2007-3382)\n\n - Handling of \\' in cookies. (CVE-2007-3385)\n\n - tomcat path traversal / information leak.\n (CVE-2007-5641)\n\n - directory traversal. (CVE-2007-1860)\n\n - tomcat https information disclosure. (CVE-2008-0128)\n\n - tomcat HTTP Request Smuggling. (CVE-2005-2090)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2005-2090.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-7196.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1860.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3382.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3385.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5641.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0128.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4990.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 79, 94, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-5.0.30-27.21\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-admin-webapps-5.0.30-27.21\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-webapps-5.0.30-27.21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:00", "description": "Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages technologies.\n\nIt was reported Tomcat did not properly handle the following character sequence in a cookie: \\' (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).\n\nTomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).\n\nThe default Tomcat configuration permitted the use of insecure SSL cipher suites including the anonymous cipher suite. (CVE-2007-1858)\n\nTomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content.\n(CVE-2007-0450)\n\nDirectory listings were enabled by default in Tomcat. Information stored unprotected under the document root was visible to anyone if the administrator did not disable directory listings. (CVE-2006-3835)\n\nIt was found that generating listings of large directories was CPU intensive. An attacker could make repeated requests to obtain a directory listing of any large directory, leading to a denial of service. (CVE-2005-3510)\n\nTomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090)\n\nUsers should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues, and add the tyrex and jakarta-commons-pool packages which are required dependencies of the new Tomcat version.", "cvss3": {}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2090", "CVE-2005-3510", "CVE-2006-3835", "CVE-2007-0450", "CVE-2007-1858", "CVE-2007-3382", "CVE-2007-3385"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jakarta-commons-pool", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tyrex", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2007-1069.NASL", "href": "https://www.tenable.com/plugins/nessus/43834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1069. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43834);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2090\", \"CVE-2005-3510\", \"CVE-2006-3835\", \"CVE-2007-0450\", \"CVE-2007-1858\", \"CVE-2007-3382\", \"CVE-2007-3385\");\n script_bugtraq_id(13873, 15325, 19106, 22960, 25316);\n script_xref(name:\"RHSA\", value:\"2007:1069\");\n\n script_name(english:\"RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix multiple security issues are now\navailable for Red Hat Network Satellite Server.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\ntechnologies.\n\nIt was reported Tomcat did not properly handle the following character\nsequence in a cookie: \\' (a backslash followed by a double-quote). It\nwas possible remote attackers could use this failure to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3385).\n\nTomcat was found treating single quote characters -- ' -- as\ndelimiters in cookies. This could allow remote attackers to obtain\nsensitive information, such as session IDs, for session hijacking\nattacks (CVE-2007-3382).\n\nThe default Tomcat configuration permitted the use of insecure SSL\ncipher suites including the anonymous cipher suite. (CVE-2007-1858)\n\nTomcat permitted various characters as path delimiters. If Tomcat was\nused behind certain proxies and configured to only proxy some\ncontexts, an attacker could construct an HTTP request to work around\nthe context restriction and potentially access non-proxied content.\n(CVE-2007-0450)\n\nDirectory listings were enabled by default in Tomcat. Information\nstored unprotected under the document root was visible to anyone if\nthe administrator did not disable directory listings. (CVE-2006-3835)\n\nIt was found that generating listings of large directories was CPU\nintensive. An attacker could make repeated requests to obtain a\ndirectory listing of any large directory, leading to a denial of\nservice. (CVE-2005-3510)\n\nTomcat was found to accept multiple content-length headers in a\nrequest. This could allow attackers to poison a web-cache, bypass web\napplication firewall protection, or conduct cross-site scripting\nattacks. (CVE-2005-2090)\n\nUsers should upgrade to these erratum packages which contain an update\nto Tomcat that resolves these issues, and add the tyrex and\njakarta-commons-pool packages which are required dependencies of the\nnew Tomcat version.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1069\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected jakarta-commons-pool, tomcat5 and / or tyrex\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-pool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tyrex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1069\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL3\", rpm:\"rhns-app-\") || rpm_exists(release:\"RHEL4\", rpm:\"rhns-app-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL3\", reference:\"jakarta-commons-pool-1.2-2jpp_2rh\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"tomcat5-5.0.30-0jpp_6rh\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"tyrex-1.0.1-2jpp_2rh\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"jakarta-commons-pool-1.2-2jpp_2rh\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-5.0.30-0jpp_6rh\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tyrex-1.0.1-2jpp_2rh\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-pool / tomcat5 / tyrex\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:31:45", "description": "Fixed various issues in tomcat :\n\n - CVE-2006-7196: Cross-site scripting (XSS) vulnerability in example JSP applications\n\n - CVE-2007-3382: Handling of cookies containing a ' character\n\n - CVE-2007-3385: Handling of \\' in cookies\n\n - CVE-2007-5641: tomcat path traversal / information leak\n\n - CVE-2007-1860: directory traversal\n\n - CVE-2008-0128: tomcat https information disclosure\n\n - CVE-2005-2090: tomcat HTTP Request Smuggling", "cvss3": {}, "published": "2008-02-29T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2090", "CVE-2006-7196", "CVE-2007-1860", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-5641", "CVE-2008-0128"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_jk", "p-cpe:/a:novell:opensuse:mod_jk-ap20", "p-cpe:/a:novell:opensuse:tomcat5", "p-cpe:/a:novell:opensuse:tomcat5-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat5-webapps", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_APACHE2-MOD_JK-4992.NASL", "href": "https://www.tenable.com/plugins/nessus/31319", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-mod_jk-4992.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31319);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2090\", \"CVE-2006-7196\", \"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5641\", \"CVE-2008-0128\");\n\n script_name(english:\"openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)\");\n script_summary(english:\"Check for the apache2-mod_jk-4992 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixed various issues in tomcat :\n\n - CVE-2006-7196: Cross-site scripting (XSS) vulnerability\n in example JSP applications\n\n - CVE-2007-3382: Handling of cookies containing a '\n character\n\n - CVE-2007-3385: Handling of \\' in cookies\n\n - CVE-2007-5641: tomcat path traversal / information leak\n\n - CVE-2007-1860: directory traversal\n\n - CVE-2008-0128: tomcat https information disclosure\n\n - CVE-2005-2090: tomcat HTTP Request Smuggling\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_jk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 22, 79, 94, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_jk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mod_jk-ap20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"mod_jk-ap20-4.1.30-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-5.0.30-27.21\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-admin-webapps-5.0.30-27.21\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-webapps-5.0.30-27.21\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"apache2-mod_jk-4.1.30-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-5.0.30-60\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-admin-webapps-5.0.30-60\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-webapps-5.0.30-60\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_jk-ap20 / tomcat5 / tomcat5-admin-webapps / tomcat5-webapps / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:42", "description": "According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.13. It is, therefore, affected by the following vulnerabilities :\n\n - Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow web-cache poisoning, cross-site scripting attacks and information disclosure. (CVE-2005-2090)\n\n - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP and Servlet examples are enabled. Several of these examples do not properly validate user input. (CVE-2007-1355)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-11-18T00:00:00", "type": "nessus", "title": "Apache Tomcat < 6.0.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2090", "CVE-2007-1355"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_13.NASL", "href": "https://www.tenable.com/plugins/nessus/17728", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17728);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2005-2090\", \"CVE-2007-1355\");\n script_bugtraq_id(13873, 24058);\n\n script_name(english:\"Apache Tomcat < 6.0.13 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 6.0.13. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Requests containing multiple 'content-length' headers\n are not rejected as invalid. This error can allow\n web-cache poisoning, cross-site scripting attacks and\n information disclosure. (CVE-2005-2090)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the JSP and Servlet\n examples are enabled. Several of these examples do\n not properly validate user input. (CVE-2007-1355)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.13 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-2090\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.13\", min:\"6.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:51:05", "description": "From Red Hat Security Advisory 2008:0042 :\n\nUpdated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages technologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat (ELSA-2008-0042)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2008-0042.NASL", "href": "https://www.tenable.com/plugins/nessus/67640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0042 and \n# Oracle Linux Security Advisory ELSA-2008-0042 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67640);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5461\");\n script_bugtraq_id(26070, 27006);\n script_xref(name:\"RHSA\", value:\"2008:0042\");\n\n script_name(english:\"Oracle Linux 5 : tomcat (ELSA-2008-0042)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0042 :\n\nUpdated tomcat packages that fix security issues and bugs are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\ntechnologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat\nwebdav servlet. In some configurations it allowed remote authenticated\nusers to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not\nrestrict access permissions to files. This could be misused by\nuntrusted web applications to access and write arbitrary files in the\ncontext of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000540.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:57:29", "description": "Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages technologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat (CESA-2008:0042)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2008-0042.NASL", "href": "https://www.tenable.com/plugins/nessus/43669", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0042 and \n# CentOS Errata and Security Advisory 2008:0042 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43669);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5461\");\n script_bugtraq_id(26070, 27006);\n script_xref(name:\"RHSA\", value:\"2008:0042\");\n\n script_name(english:\"CentOS 5 : tomcat (CESA-2008:0042)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix security issues and bugs are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\ntechnologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat\nwebdav servlet. In some configurations it allowed remote authenticated\nusers to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not\nrestrict access permissions to files. This could be misused by\nuntrusted web applications to access and write arbitrary files in the\ncontext of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014764.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b01cf4d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-March/014765.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?022f00b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:32:34", "description": "Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages technologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.", "cvss3": {}, "published": "2008-03-13T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat (RHSA-2008:0042)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2008-0042.NASL", "href": "https://www.tenable.com/plugins/nessus/31448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0042. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31448);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5461\");\n script_bugtraq_id(26070, 27006);\n script_xref(name:\"RHSA\", value:\"2008:0042\");\n\n script_name(english:\"RHEL 5 : tomcat (RHSA-2008:0042)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix security issues and bugs are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\ntechnologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat\nwebdav servlet. In some configurations it allowed remote authenticated\nusers to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not\nrestrict access permissions to files. This could be misused by\nuntrusted web applications to access and write arbitrary files in the\ncontext of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain\nbackported patches and are not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0042\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0042\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:26:38", "description": "A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080311_TOMCAT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60371);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5461\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A directory traversal vulnerability existed in the Apache Tomcat\nwebdav servlet. In some configurations it allowed remote authenticated\nusers to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not\nrestrict access permissions to files. This could be misused by\nuntrusted web applications to access and write arbitrary files in the\ncontext of the tomcat process. (CVE-2007-5342)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0803&L=scientific-linux-errata&T=0&P=1946\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd4f68a7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T15:10:08", "description": "This update of Tomcat fixes cross-site scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers.\n(CVE-2007-1858)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12116)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1858", "CVE-2007-2449"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12116.NASL", "href": "https://www.tenable.com/plugins/nessus/41202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41202);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1858\", \"CVE-2007-2449\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12116)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Tomcat fixes cross-site scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers.\n(CVE-2007-1858)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1858.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2449.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12116.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:32:06", "description": "This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers (CVE-2007-1858).", "cvss3": {}, "published": "2008-03-28T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : tomcat55 (tomcat55-5069)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1858", "CVE-2007-2449"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat55", "p-cpe:/a:novell:opensuse:tomcat55-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat55-common-lib", "p-cpe:/a:novell:opensuse:tomcat55-jasper", "p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api", "p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-server-lib", "p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api", "p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-webapps", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_TOMCAT55-5069.NASL", "href": "https://www.tenable.com/plugins/nessus/31698", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat55-5069.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31698);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1858\", \"CVE-2007-2449\");\n\n script_name(english:\"openSUSE 10 Security Update : tomcat55 (tomcat55-5069)\");\n script_summary(english:\"Check for the tomcat55-5069 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers\n(CVE-2007-1858).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat55 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-admin-webapps-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-common-lib-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jasper-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jasper-javadoc-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jsp-2_0-api-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jsp-2_0-api-javadoc-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-server-lib-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-servlet-2_4-api-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-servlet-2_4-api-javadoc-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-webapps-5.5.23-113.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:32:39", "description": "This update of tomcat fixes cross-site scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers.\n(CVE-2007-1858)", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1858", "CVE-2007-2449"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-5070.NASL", "href": "https://www.tenable.com/plugins/nessus/31674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31674);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1858\", \"CVE-2007-2449\");\n\n script_name(english:\"SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes cross-site scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers.\n(CVE-2007-1858)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1858.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2449.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5070.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-5.0.30-27.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-admin-webapps-5.0.30-27.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-webapps-5.0.30-27.26\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:32:43", "description": "This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449) as well as it improves the list of supported SSL ciphers (CVE-2007-1858).", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : tomcat5 (tomcat5-5071)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1858", "CVE-2007-2449"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat5", "p-cpe:/a:novell:opensuse:tomcat5-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat5-webapps", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2"], "id": "SUSE_TOMCAT5-5071.NASL", "href": "https://www.tenable.com/plugins/nessus/31675", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat5-5071.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31675);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1858\", \"CVE-2007-2449\");\n\n script_name(english:\"openSUSE 10 Security Update : tomcat5 (tomcat5-5071)\");\n script_summary(english:\"Check for the tomcat5-5071 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers\n(CVE-2007-1858).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-5.0.30-27.26\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-admin-webapps-5.0.30-27.26\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-webapps-5.0.30-27.26\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-5.0.30-62\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-admin-webapps-5.0.30-62\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-webapps-5.0.30-62\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:26:53", "description": "Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0128 Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure.\n\n - CVE-2007-2450 It was discovered that the Manager and Host Manager web applications performed insufficient input sanitising, which could lead to cross site scripting.\n\nThis update also adapts the tomcat5.5-webapps package to the tightened JULI permissions introduced in the previous tomcat5.5 DSA. However, it should be noted, that the tomcat5.5-webapps is for demonstration and documentation purposes only and should not be used for production systems.", "cvss3": {}, "published": "2008-01-27T00:00:00", "type": "nessus", "title": "Debian DSA-1468-1 : tomcat5.5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2450", "CVE-2008-0128"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat5.5", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1468.NASL", "href": "https://www.tenable.com/plugins/nessus/30060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1468. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30060);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2450\", \"CVE-2008-0128\");\n script_bugtraq_id(24475);\n script_xref(name:\"DSA\", value:\"1468\");\n\n script_name(english:\"Debian DSA-1468-1 : tomcat5.5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2008-0128\n Olaf Kock discovered that HTTPS encryption was\n insufficiently enforced for single-sign-on cookies,\n which could result in information disclosure.\n\n - CVE-2007-2450\n It was discovered that the Manager and Host Manager web\n applications performed insufficient input sanitising,\n which could lead to cross site scripting.\n\nThis update also adapts the tomcat5.5-webapps package to the tightened\nJULI permissions introduced in the previous tomcat5.5 DSA. However, it\nshould be noted, that the tomcat5.5-webapps is for demonstration and\ndocumentation purposes only and should not be used for production\nsystems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-0128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1468\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat5.5 packages.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.5.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.5.20-2etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libtomcat5.5-java\", reference:\"5.5.20-2etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5\", reference:\"5.5.20-2etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5-admin\", reference:\"5.5.20-2etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"tomcat5.5-webapps\", reference:\"5.5.20-2etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:58:57", "description": "Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nDuring an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature.\n(CVE-2007-5961)\n\nThis release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server.\n(CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime.\n(CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nTwo arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.", "cvss3": {}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 : Satellite Server (RHSA-2008:0261)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0885", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-5961", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jabberd", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:jfreechart", "p-cpe:/a:redhat:enterprise_linux:openmotif21", "p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC", "p-cpe:/a:redhat:enterprise_linux:rhn-apache", "p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13", "p-cpe:/a:redhat:enterprise_linux:rhn-modperl", "p-cpe:/a:redhat:enterprise_linux:rhn-modssl", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0261.NASL", "href": "https://www.tenable.com/plugins/nessus/43835", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0261. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43835);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0885\", \"CVE-2005-0605\", \"CVE-2005-2090\", \"CVE-2005-3510\", \"CVE-2005-3964\", \"CVE-2005-4838\", \"CVE-2006-0254\", \"CVE-2006-0898\", \"CVE-2006-1329\", \"CVE-2006-3835\", \"CVE-2006-5752\", \"CVE-2006-7195\", \"CVE-2006-7196\", \"CVE-2006-7197\", \"CVE-2007-0243\", \"CVE-2007-0450\", \"CVE-2007-1349\", \"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-1860\", \"CVE-2007-2435\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-2788\", \"CVE-2007-2789\", \"CVE-2007-3304\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-5461\", \"CVE-2007-5961\", \"CVE-2007-6306\", \"CVE-2007-6388\", \"CVE-2008-0128\");\n script_bugtraq_id(15325, 16802, 19106, 22085, 22960, 23192, 24004, 24147, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 25653, 26070, 26752, 26838, 27237, 27365, 28481);\n script_xref(name:\"RHSA\", value:\"2008:0261\");\n\n script_name(english:\"RHEL 4 : Satellite Server (RHSA-2008:0261)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 5.0.2 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server components.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nDuring an internal security review, a cross-site scripting flaw was\nfound that affected the Red Hat Network channel search feature.\n(CVE-2007-5961)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server. In\na typical operating environment, these components are not exposed to\nusers of Satellite Server in a vulnerable manner. These security\nupdates will reduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws\ncould result in a cross-site scripting, denial-of-service, or\ninformation disclosure attacks. (CVE-2004-0885, CVE-2006-5752,\nCVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465,\nCVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server.\n(CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map\nfeature in the JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime.\n(CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nTwo arbitrary code execution flaws were fixed in the OpenMotif\npackage. (CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358,\nCVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450,\nCVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254,\nCVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 5.0 are advised to upgrade\nto 5.0.2, which resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-4838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0261\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jabberd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jfreechart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openmotif21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-modperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-modssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0261\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"rhns-app-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"jabberd-2.0s10-3.38.rhn\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jfreechart-0.9.20-3.rhn\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openmotif21-2.1.30-11.RHEL4.6\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"perl-Crypt-CBC-2.24-1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-apache-1.3.27-36.rhn.rhel4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-modjk-ap13-1.2.23-2rhn.rhel4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-modperl-1.29-16.rhel4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-modssl-2.8.12-8.rhn.10.rhel4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-5.0.30-0jpp_10rh\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:30", "description": "Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThis release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server.\n(CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime.\n(CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nMultiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.", "cvss3": {}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0687", "CVE-2004-0688", "CVE-2004-0885", "CVE-2004-0914", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jabberd", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:jfreechart", "p-cpe:/a:redhat:enterprise_linux:openmotif21", "p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC", "p-cpe:/a:redhat:enterprise_linux:rhn-apache", "p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13", "p-cpe:/a:redhat:enterprise_linux:rhn-modperl", "p-cpe:/a:redhat:enterprise_linux:rhn-modssl", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0524.NASL", "href": "https://www.tenable.com/plugins/nessus/43837", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0524. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43837);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0687\", \"CVE-2004-0688\", \"CVE-2004-0885\", \"CVE-2004-0914\", \"CVE-2005-0605\", \"CVE-2005-2090\", \"CVE-2005-3510\", \"CVE-2005-3964\", \"CVE-2005-4838\", \"CVE-2006-0254\", \"CVE-2006-0898\", \"CVE-2006-1329\", \"CVE-2006-3835\", \"CVE-2006-5752\", \"CVE-2006-7195\", \"CVE-2006-7196\", \"CVE-2006-7197\", \"CVE-2007-0243\", \"CVE-2007-0450\", \"CVE-2007-1349\", \"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-1860\", \"CVE-2007-2435\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-2788\", \"CVE-2007-2789\", \"CVE-2007-3304\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-5461\", \"CVE-2007-6306\", \"CVE-2007-6388\", \"CVE-2008-0128\");\n script_bugtraq_id(13873, 15325, 16802, 19106, 22085, 22960, 23192, 24004, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 26070, 26752, 26838, 27237, 27365, 28481);\n script_xref(name:\"RHSA\", value:\"2008:0524\");\n\n script_name(english:\"RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Satellite Server version 4.2.3 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Satellite Server components.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThis release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server\n4.2. In a typical operating environment, these components are not\nexposed to users of Satellite Server in a vulnerable manner. These\nsecurity updates will reduce risk in unique Satellite Server\nenvironments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws\ncould result in a cross-site scripting, denial-of-service, or\ninformation disclosure attacks. (CVE-2004-0885, CVE-2006-5752,\nCVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465,\nCVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server.\n(CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map\nfeature in the JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime.\n(CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nMultiple flaws were fixed in the OpenMotif package. (CVE-2004-0687,\nCVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358,\nCVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450,\nCVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254,\nCVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 4.2 are advised to upgrade\nto 4.2.3, which resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-4838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-0898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-1329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0524\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jabberd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jfreechart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openmotif21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-modperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-modssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0524\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL3\", rpm:\"rhns-app-\") || rpm_exists(release:\"RHEL4\", rpm:\"rhns-app-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"jabberd-2.0s10-3.37.rhn\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-1.4.2.10-1jpp.2.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"jfreechart-0.9.20-3.rhn\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openmotif21-2.1.30-9.RHEL3.8\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"perl-Crypt-CBC-2.24-1.el3\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"rhn-apache-1.3.27-36.rhn.rhel3\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"rhn-modjk-ap13-1.2.23-2rhn.rhel3\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"rhn-modperl-1.29-16.rhel3\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"rhn-modssl-2.8.12-8.rhn.10.rhel3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"tomcat5-5.0.30-0jpp_10rh\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"jabberd-2.0s10-3.38.rhn\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jfreechart-0.9.20-3.rhn\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openmotif21-2.1.30-11.RHEL4.6\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"perl-Crypt-CBC-2.24-1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-apache-1.3.27-36.rhn.rhel4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-modjk-ap13-1.2.23-2rhn.rhel4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-modperl-1.29-16.rhel4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-modssl-2.8.12-8.rhn.10.rhel4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-5.0.30-0jpp_10rh\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:20:35", "description": "Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (') characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE:\nthis issue exists because of an incomplete fix for CVE-2007-3385 (CVE-2007-5333).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter (CVE-2009-0580).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2010-09-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:176)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3385", "CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2010-176.NASL", "href": "https://www.tenable.com/plugins/nessus/49206", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:176. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49206);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(27706, 35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544);\n script_xref(name:\"MDVSA\", value:\"2010:176\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:176)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\nthrough 4.1.36 does not properly handle (1) double quote (')\ncharacters or (2) %5C (encoded backslash) sequences in a cookie value,\nwhich might cause sensitive information such as session IDs to be\nleaked to remote attackers and enable session hijacking attacks. NOTE:\nthis issue exists because of an incomplete fix for CVE-2007-3385\n(CVE-2007-5333).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0\nthrough 6.0.18, and possibly earlier versions normalizes the target\npathname before filtering the query string when using the\nRequestDispatcher method, which allows remote attackers to bypass\nintended access restrictions and conduct directory traversal attacks\nvia .. (dot dot) sequences and the WEB-INF directory in a Request\n(CVE-2008-5515).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18, when the Java AJP connector and mod_jk load balancing\nare used, allows remote attackers to cause a denial of service\n(application outage) via a crafted request with invalid headers,\nrelated to temporary blocking of connectors that have encountered\nerrors, as demonstrated by an error involving a malformed HTTP Host\nheader (CVE-2009-0033).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18, when FORM authentication is used, allows remote\nattackers to enumerate valid usernames via requests to\n/j_security_check with malformed URL encoding of passwords, related to\nimproper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\nand (3) JDBCRealm authentication realms, as demonstrated by a %\n(percent) value for the j_password parameter (CVE-2009-0580).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18 permits web applications to replace an XML parser used\nfor other web applications, which allows local users to read or modify\nthe (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\napplications via a crafted application that is loaded earlier than the\ntarget application (CVE-2009-0783).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. (dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2008.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-admin-webapps-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-common-lib-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-server-lib-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-webapps-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:38:12", "description": "Updated JBoss Enterprise Application Platform (JBEAP) packages that fix several security issues are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nJBoss Enterprise Application Platform (JBEAP) is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss Application Server and JBoss Seam. This release serves as a replacement to JBEAP 4.2.0.GA. It fixes several security issues :\n\nThe JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script, or HTML, via several attributes of the chart area. (CVE-2007-6306)\n\nA vulnerability caused by exposing static Java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static Java methods. (CVE-2007-4575)\n\nThe setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This vulnerability allowed remote attackers to inject, and execute, arbitrary Enterprise JavaBeans Query Language (EJB QL) commands via the order parameter.\n(CVE-2007-6433)\n\nThese updated packages include bug fixes and enhancements which are not listed here. For a full list, please refer to the JBEAP 4.2.0CP02 release notes:\nhttp://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html\n\nWarning: before applying this update, please backup the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files.\n\nAll users of JBEAP on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages, which resolve these issues.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 4 : JBoss EAP (RHSA-2008:0151)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4575", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6433", "CVE-2008-0002"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:concurrent", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaf", "p-cpe:/a:redhat:enterprise_linux:glassfish-javamail", "p-cpe:/a:redhat:enterprise_linux:glassfish-jsf", "p-cpe:/a:redhat:enterprise_linux:glassfish-jstl", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc", "p-cpe:/a:redhat:enterprise_linux:hsqldb", "p-cpe:/a:redhat:enterprise_linux:jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-aop", "p-cpe:/a:redhat:enterprise_linux:jboss-cache", "p-cpe:/a:redhat:enterprise_linux:jboss-common", "p-cpe:/a:redhat:enterprise_linux:jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-seam", "p-cpe:/a:redhat:enterprise_linux:jboss-seam-docs", "p-cpe:/a:redhat:enterprise_linux:jbossas", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossws-jboss42", "p-cpe:/a:redhat:enterprise_linux:jbossws-wsconsume-impl", "p-cpe:/a:redhat:enterprise_linux:jbossxb", "p-cpe:/a:redhat:enterprise_linux:jcommon", "p-cpe:/a:redhat:enterprise_linux:jfreechart", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:rh-eap-docs", "p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples", "p-cpe:/a:redhat:enterprise_linux:wsdl4j", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2008-0151.NASL", "href": "https://www.tenable.com/plugins/nessus/63848", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0151. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63848);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4575\", \"CVE-2007-5461\", \"CVE-2007-6306\", \"CVE-2007-6433\", \"CVE-2008-0002\");\n script_bugtraq_id(26703, 26752);\n script_xref(name:\"RHSA\", value:\"2008:0151\");\n\n script_name(english:\"RHEL 4 : JBoss EAP (RHSA-2008:0151)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated JBoss Enterprise Application Platform (JBEAP) packages that\nfix several security issues are now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nJBoss Enterprise Application Platform (JBEAP) is a middleware platform\nfor Java 2 Platform, Enterprise Edition (J2EE) applications.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 contains the\nJBoss Application Server and JBoss Seam. This release serves as a\nreplacement to JBEAP 4.2.0.GA. It fixes several security issues :\n\nThe JFreeChart component was vulnerable to multiple cross-site\nscripting (XSS) vulnerabilities. An attacker could misuse the image\nmap feature to inject arbitrary web script, or HTML, via several\nattributes of the chart area. (CVE-2007-6306)\n\nA vulnerability caused by exposing static Java methods was located\nwithin the HSQLDB component. This could be utilized by an attacker to\nexecute arbitrary static Java methods. (CVE-2007-4575)\n\nThe setOrder method in the org.jboss.seam.framework.Query class did\nnot correctly validate user-supplied parameters. This vulnerability\nallowed remote attackers to inject, and execute, arbitrary Enterprise\nJavaBeans Query Language (EJB QL) commands via the order parameter.\n(CVE-2007-6433)\n\nThese updated packages include bug fixes and enhancements which are\nnot listed here. For a full list, please refer to the JBEAP 4.2.0CP02\nrelease notes:\nhttp://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html\n\nWarning: before applying this update, please backup the JBEAP\n'server/[configuration]/deploy/' directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP on Red Hat Enterprise Linux 4 are advised to\nupgrade to these updated packages, which resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0002\"\n );\n # http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0151\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 79, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:concurrent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-javamail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jstl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hsqldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-jboss42\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-wsconsume-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jcommon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jfreechart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wsdl4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0151\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"jbossas-4\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"concurrent-1.3.4-7jpp.ep1.6.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glassfish-jaf-1.1.0-0jpp.ep1.10.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glassfish-javamail-1.4.0-0jpp.ep1.8\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"glassfish-jstl-1.2.0-0jpp.ep1.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jacorb-2.3.0-1jpp.ep1.4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-common-1.2.1-0jpp.ep1.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam-1.2.1-1.ep1.3.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam-docs-1.2.1-1.ep1.3.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossas-4.2.0-3.GA_CP02.ep1.3.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.0.0-3.CP05.0jpp.ep1.1\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-jboss42-1.2.1-0jpp.ep1.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jcommon-1.0.12-1jpp.ep1.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jfreechart-1.0.9-1jpp.ep1.2.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jgroups-2.4.1-1.SP4.0jpp.ep1.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"wsdl4j-1.6.2-1jpp.ep1.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"concurrent / glassfish-jaf / glassfish-javamail / glassfish-jsf / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:00", "description": "New JBoss Enterprise Application Platform (JBEAP) packages, comprising the 4.2.0.CP02 release, are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nJBEAP is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 contains the JBoss Application Server and JBoss Seam and serves as a replacement for JBEAP 4.2.0.GA_CP01. As well as fixing numerous bugs and adding enhancements, these updated packages addresses several security issues.\n\nThe JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script or HTML via several attributes of the chart area. (CVE-2007-6306)\n\nA vulnerability caused by exposing static java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static java methods. (CVE-2007-4575)\n\nThe setOrder method in the org.jboss.seam.framework.Query class did not properly validate user-supplied parameters. This vulnerability allowed remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. (CVE-2007-6433)\n\nFor details regarding the bug fixes and enhancements included with this update, please see the JBoss Enterprise Application Platform 4.2.0.CP02 Release Notes, linked to in the References section below.\n\nAll Red Hat Enterprise Linux 5 users wanting to use the JBoss Enterprise Application Platform are advised to install these new packages.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : JBoss EAP (RHSA-2008:0213)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4575", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6433", "CVE-2008-0002"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:concurrent", "p-cpe:/a:redhat:enterprise_linux:glassfish-jaf", "p-cpe:/a:redhat:enterprise_linux:glassfish-javamail", "p-cpe:/a:redhat:enterprise_linux:glassfish-jsf", "p-cpe:/a:redhat:enterprise_linux:glassfish-jstl", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations", "p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager", "p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc", "p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc", "p-cpe:/a:redhat:enterprise_linux:jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-aop", "p-cpe:/a:redhat:enterprise_linux:jboss-cache", "p-cpe:/a:redhat:enterprise_linux:jboss-common", "p-cpe:/a:redhat:enterprise_linux:jboss-jbpm-bpel", "p-cpe:/a:redhat:enterprise_linux:jboss-jbpm-jpdl", "p-cpe:/a:redhat:enterprise_linux:jboss-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-seam", "p-cpe:/a:redhat:enterprise_linux:jboss-seam-docs", "p-cpe:/a:redhat:enterprise_linux:jbossas", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossws-jboss42", "p-cpe:/a:redhat:enterprise_linux:jbossws-wsconsume-impl", "p-cpe:/a:redhat:enterprise_linux:jbossxb", "p-cpe:/a:redhat:enterprise_linux:jcommon", "p-cpe:/a:redhat:enterprise_linux:jfreechart", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:juddi", "p-cpe:/a:redhat:enterprise_linux:rh-eap-docs", "p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples", "p-cpe:/a:redhat:enterprise_linux:ws-commons-policy", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2008-0213.NASL", "href": "https://www.tenable.com/plugins/nessus/63851", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0213. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63851);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4575\", \"CVE-2007-5461\", \"CVE-2007-6306\", \"CVE-2007-6433\", \"CVE-2008-0002\");\n script_bugtraq_id(26703, 26752);\n script_xref(name:\"RHSA\", value:\"2008:0213\");\n\n script_name(english:\"RHEL 5 : JBoss EAP (RHSA-2008:0213)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New JBoss Enterprise Application Platform (JBEAP) packages, comprising\nthe 4.2.0.CP02 release, are now available for Red Hat Enterprise Linux\n5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nJBEAP is a middleware platform for Java 2 Platform, Enterprise Edition\n(J2EE) applications.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 contains the\nJBoss Application Server and JBoss Seam and serves as a replacement\nfor JBEAP 4.2.0.GA_CP01. As well as fixing numerous bugs and adding\nenhancements, these updated packages addresses several security\nissues.\n\nThe JFreeChart component was vulnerable to multiple cross-site\nscripting (XSS) vulnerabilities. An attacker could misuse the image\nmap feature to inject arbitrary web script or HTML via several\nattributes of the chart area. (CVE-2007-6306)\n\nA vulnerability caused by exposing static java methods was located\nwithin the HSQLDB component. This could be utilized by an attacker to\nexecute arbitrary static java methods. (CVE-2007-4575)\n\nThe setOrder method in the org.jboss.seam.framework.Query class did\nnot properly validate user-supplied parameters. This vulnerability\nallowed remote attackers to inject and execute arbitrary EJBQL\ncommands via the order parameter. (CVE-2007-6433)\n\nFor details regarding the bug fixes and enhancements included with\nthis update, please see the JBoss Enterprise Application Platform\n4.2.0.CP02 Release Notes, linked to in the References section below.\n\nAll Red Hat Enterprise Linux 5 users wanting to use the JBoss\nEnterprise Application Platform are advised to install these new\npackages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0002\"\n );\n # http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0213\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 79, 94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:concurrent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jaf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-javamail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glassfish-jstl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-aop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jbpm-bpel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-jbpm-jpdl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-jboss42\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossws-wsconsume-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossxb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jcommon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jfreechart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:juddi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ws-commons-policy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0213\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-4\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"concurrent-1.3.4-8jpp.ep1.6.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glassfish-jaf-1.1.0-0jpp.ep1.9.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glassfish-javamail-1.4.0-0jpp.ep1.8.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"glassfish-jstl-1.2.0-0jpp.ep1.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jacorb-2.3.0-1jpp.ep1.5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-common-1.2.1-0jpp.ep1.2.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jbpm-bpel-1.1.0-0jpp.ep1.3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-jbpm-jpdl-3.2.0-0jpp.ep1.6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam-1.2.1-1.ep1.3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam-docs-1.2.1-1.ep1.3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-4.2.0-4.GA_CP02.ep1.3.el5.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.0.0-3.CP05.0jpp.ep1.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-jboss42-1.2.1-0jpp.ep1.2.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jcommon-1.0.12-1jpp.ep1.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jfreechart-1.0.9-1jpp.ep1.2.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jgroups-2.4.1-1.SP4.0jpp.ep1.2.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"juddi-0.9-0.rc4.2jpp.ep1.3.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ws-commons-policy-1.0-2jpp.ep1.4.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"concurrent / glassfish-jaf / glassfish-javamail / glassfish-jsf / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:59:28", "description": "An updated tomcat package that fixes several security issues is now available for Red Hat Network Satellite Server 5.1.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner: By default, only Satellite Server applications are running on Tomcat. This update will reduce risk in unique Satellite Server environments.\n\nIt was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially crafted requests that would cause an information leak. (CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially crafted requests that would cause a temporary denial of service. (CVE-2009-0033)\n\nIt was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to this updated tomcat package, which contains backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 : tomcat in Satellite Server (RHSA-2009:1617)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0783"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2009-1617.NASL", "href": "https://www.tenable.com/plugins/nessus/43845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1617. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43845);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\");\n script_bugtraq_id(35193, 35263, 35416);\n script_xref(name:\"RHSA\", value:\"2009:1617\");\n\n script_name(english:\"RHEL 4 : tomcat in Satellite Server (RHSA-2009:1617)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated tomcat package that fixes several security issues is now\navailable for Red Hat Network Satellite Server 5.1.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThis update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users of\nSatellite Server in a vulnerable manner: By default, only Satellite\nServer applications are running on Tomcat. This update will reduce\nrisk in unique Satellite Server environments.\n\nIt was discovered that request dispatchers did not properly normalize\nuser requests that have trailing query strings, allowing remote\nattackers to send specially crafted requests that would cause an\ninformation leak. (CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw\nto send specially crafted requests that would cause a temporary denial\nof service. (CVE-2009-0033)\n\nIt was discovered that web applications containing their own XML\nparsers could replace the XML parser Tomcat uses to parse\nconfiguration files. A malicious web application running on a Tomcat\ninstance could read or, potentially, modify the configuration and\nXML-based data of other web applications deployed on the same Tomcat\ninstance. (CVE-2009-0783)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade\nto this updated tomcat package, which contains backported patches to\nresolve these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1617\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1617\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"spacewalk-admin-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-5.0.30-0jpp_16rh\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:58:38", "description": "Updated tomcat packages that fix several security issues are now available for Red Hat Network Satellite Server 5.2 and 5.3.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner: By default, only Satellite Server applications are running on Tomcat. This update will reduce risk in unique Satellite Server environments.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2007:1069 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks.\n(CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: With this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure behavior, add the following entry to the '/etc/tomcat5/catalina.properties' file :\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially crafted requests that would cause an information leak. (CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially crafted requests that would cause a temporary denial of service. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute-force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Red Hat Network Satellite Server 5.2 and 5.3 are advised to upgrade to these updated tomcat packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2010-01-10T00:00:00", "type": "nessus", "title": "RHEL 4 : tomcat in Satellite Server (RHSA-2009:1616)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0783"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2009-1616.NASL", "href": "https://www.tenable.com/plugins/nessus/43844", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1616. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43844);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\");\n script_bugtraq_id(27706, 35193, 35196, 35263, 35416);\n script_xref(name:\"RHSA\", value:\"2009:1616\");\n\n script_name(english:\"RHEL 4 : tomcat in Satellite Server (RHSA-2009:1616)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix several security issues are now\navailable for Red Hat Network Satellite Server 5.2 and 5.3.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThis update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users of\nSatellite Server in a vulnerable manner: By default, only Satellite\nServer applications are running on Tomcat. This update will reduce\nrisk in unique Satellite Server environments.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2007:1069\ndid not address all possible flaws in the way Tomcat handles certain\ncharacters and character sequences in cookie values. A remote attacker\ncould use this flaw to obtain sensitive information, such as session\nIDs, and then use this information for session hijacking attacks.\n(CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to\nversion 1 cookies. To reactivate the previous, but insecure behavior,\nadd the following entry to the '/etc/tomcat5/catalina.properties' \nfile :\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize\nuser requests that have trailing query strings, allowing remote\nattackers to send specially crafted requests that would cause an\ninformation leak. (CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw\nto send specially crafted requests that would cause a temporary denial\nof service. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain\nauthentication classes did not have sufficient error checking,\nallowing remote attackers to enumerate (via brute-force methods)\nusernames registered with applications running on Tomcat when\nFORM-based authentication was used. (CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML\nparsers could replace the XML parser Tomcat uses to parse\nconfiguration files. A malicious web application running on a Tomcat\ninstance could read or, potentially, modify the configuration and\nXML-based data of other web applications deployed on the same Tomcat\ninstance. (CVE-2009-0783)\n\nUsers of Red Hat Network Satellite Server 5.2 and 5.3 are advised to\nupgrade to these updated tomcat packages, which contain backported\npatches to resolve these issues. Tomcat must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1616\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1616\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"spacewalk-admin-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-5.5.23-0jpp_18rh\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-common-lib-5.5.23-0jpp_18rh\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-jasper-5.5.23-0jpp_18rh\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp_18rh\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-server-lib-5.5.23-0jpp_18rh\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp_18rh\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-common-lib / tomcat5-jasper / tomcat5-jsp-2.0-api / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:27:47", "description": "It was discovered that a prior security errata for Tomcat version tomcat5-5.5.23-0jpp.3.0.2.el5 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: with this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure behavior, add the following entry to the '/etc/tomcat5/catalina.properties' file :\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially crafted requests that would cause an information leak. (CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially crafted requests that would cause a temporary denial of service. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute-force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580)\n\nA cross-site scripting (XSS) flaw was found in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter.\n(CVE-2009-0781)\n\nIt was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783)", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090723_TOMCAT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60621", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60621);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a prior security errata for Tomcat version\ntomcat5-5.5.23-0jpp.3.0.2.el5 did not address all possible flaws in\nthe way Tomcat handles certain characters and character sequences in\ncookie values. A remote attacker could use this flaw to obtain\nsensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: with this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to\nversion 1 cookies. To reactivate the previous, but insecure behavior,\nadd the following entry to the '/etc/tomcat5/catalina.properties' \nfile :\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize\nuser requests that have trailing query strings, allowing remote\nattackers to send specially crafted requests that would cause an\ninformation leak. (CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw\nto send specially crafted requests that would cause a temporary denial\nof service. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain\nauthentication classes did not have sufficient error checking,\nallowing remote attackers to enumerate (via brute-force methods)\nusernames registered with applications running on Tomcat when\nFORM-based authentication was used. (CVE-2009-0580)\n\nA cross-site scripting (XSS) flaw was found in the examples calendar\napplication. With some web browsers, remote attackers could use this\nflaw to inject arbitrary web script or HTML via the 'time' parameter.\n(CVE-2009-0781)\n\nIt was discovered that web applications containing their own XML\nparsers could replace the XML parser Tomcat uses to parse\nconfiguration files. A malicious web application running on a Tomcat\ninstance could read or, potentially, modify the configuration and\nXML-based data of other web applications deployed on the same Tomcat\ninstance. (CVE-2009-0783)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=1780\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebb27b84\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.7.el5_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "cvss3": {}, "published": "2007-11-17T05:37:36", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461"], "modified": "2007-11-17T05:37:36", "id": "FEDORA:LAH5BMCQ011096", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SRMMDNIVPO5PGEIGQTBZ55LCJRMHFGAR/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:48", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "cvss3": {}, "published": "2007-11-17T05:34:43", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461"], "modified": "2007-11-17T05:34:43", "id": "FEDORA:LAH5YH76010685", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EOTZTBJ2DOF3IB2MQFPQTYSFUO5DC7CU/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "cvss3": {}, "published": "2008-02-13T05:14:35", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "modified": "2008-02-13T05:14:35", "id": "FEDORA:M1D5DC2X006390", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EHBSH7WN32646ILSVQYOF4N3PAE4RLBU/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "cvss3": {}, "published": "2008-02-13T04:55:03", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "modified": "2008-02-13T04:55:03", "id": "FEDORA:M1D4RW3M004324", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JSHQNO2NIRKDIYATEBK3D7AFRJO7I77V/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "cvss3": {}, "published": "2008-09-16T23:28:35", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "modified": "2008-09-16T23:28:35", "id": "FEDORA:EC5A9208DCA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SO63GDLSQW6JBBWPBCHSDUXPOGHO63Y2/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-25T10:56:59", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2007-3474", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385", "CVE-2007-1358"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861582", "href": "http://plugins.openvas.org/nasl.php?oid=861582", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2007-3474\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00545.html\");\n script_id(861582);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-3474\");\n script_cve_id(\"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-5461\", \"CVE-2007-1358\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2007-3474\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:19", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2007-3456", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385", "CVE-2007-1358"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861516", "href": "http://plugins.openvas.org/nasl.php?oid=861516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2007-3456\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html\");\n script_id(861516);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-3456\");\n script_cve_id(\"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-5461\", \"CVE-2007-1358\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2007-3456\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:00", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-0450", "CVE-2007-3385"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830069", "href": "http://plugins.openvas.org/nasl.php?oid=830069", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities were found in Tomcat:\n\n A directory traversal vulnerability, when using certain proxy modules,\n allows a remote attacker to read arbitrary files via a .. (dot dot)\n sequence with various slash, backslash, or url-encoded backslash\n characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).\n \n Multiple cross-site scripting vulnerabilities in certain JSP files\n allow remote attackers to inject arbitrary web script or HTML\n (CVE-2007-2449).\n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450).\n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382).\n \n Tomcat did not properly handle the &quot; character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385).\n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386).\n \n Finally, an absolute path traversal vulnerability, under certain\n configurations, allows remote authenticated users to read arbitrary\n files via a WebDAV write request that specifies an entity with a\n SYSTEM tag (CVE-2007-5461).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00009.php\");\n script_id(830069);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:241\");\n script_cve_id(\"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_name( \"Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-09T11:38:26", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-0450", "CVE-2007-3385"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830069", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities were found in Tomcat:\n\n A directory traversal vulnerability, when using certain proxy modules,\n allows a remote attacker to read arbitrary files via a .. (dot dot)\n sequence with various slash, backslash, or url-encoded backslash\n characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).\n \n Multiple cross-site scripting vulnerabilities in certain JSP files\n allow remote attackers to inject arbitrary web script or HTML\n (CVE-2007-2449).\n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450).\n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382).\n \n Tomcat did not properly handle the &quot; character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385).\n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386).\n \n Finally, an absolute path traversal vulnerability, under certain\n configurations, allows remote authenticated users to read arbitrary\n files via a WebDAV write request that specifies an entity with a\n SYSTEM tag (CVE-2007-5461).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00009.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830069\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:241\");\n script_cve_id(\"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_name( \"Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:19", "description": "The remote host is missing an update to tomcat5\nannounced via advisory DSA 1453-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1453-1 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3382", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60108", "href": "http://plugins.openvas.org/nasl.php?oid=60108", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1453_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1453-1 (tomcat5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3382\n\nIt was discovered that single quotes (') in cookies were treated\nas a delimiter, which could lead to an information leak.\n\nCVE-2007-3385\n\nIt was discovered that the character sequence \\ in cookies was\nhandled incorrectly, which could lead to an information leak.\n\nCVE-2007-5461\n\nIt was discovered that the WebDAV servlet is vulnerable to absolute\npath traversal.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.30-12etch1.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.\n\nThe unstable distribution (sid) no longer contains tomcat5.\n\nWe recommend that you upgrade your tomcat5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5\nannounced via advisory DSA 1453-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201453-1\";\n\n\nif(description)\n{\n script_id(60108);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5461\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1453-1 (tomcat5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tomcat5\", ver:\"5.0.30-12etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat5-java\", ver:\"5.0.30-12etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5-admin\", ver:\"5.0.30-12etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5-webapps\", ver:\"5.0.30-12etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:00", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2008-1603", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-1355", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-6286", "CVE-2007-3385", "CVE-2007-1358", "CVE-2008-0002"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860345", "href": "http://plugins.openvas.org/nasl.php?oid=860345", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2008-1603\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html\");\n script_id(860345);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-1603\");\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5333\", \"CVE-2007-5461\", \"CVE-2007-6286\", \"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-1358\", \"CVE-2008-0002\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2008-1603\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.26~1jpp.2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:57:08", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2009-02-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2008-1467", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-1355", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-6286", "CVE-2007-3385", "CVE-2007-1358", "CVE-2008-0002"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860524", "href": "http://plugins.openvas.org/nasl.php?oid=860524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2008-1467\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html\");\n script_id(860524);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-1467\");\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5333\", \"CVE-2007-5461\", \"CVE-2007-6286\", \"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-1358\", \"CVE-2008-0002\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2008-1467\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.26~1jpp.2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:57:03", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2008-8130", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-1355", "CVE-2007-5333", "CVE-2007-3382", "CVE-2008-1947", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2008-2938", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-2370", "CVE-2007-3385", "CVE-2007-1358", "CVE-2008-1232"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860400", "href": "http://plugins.openvas.org/nasl.php?oid=860400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2008-8130\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html\");\n script_id(860400);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-8130\");\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5333\", \"CVE-2007-5461\", \"CVE-2007-6286\", \"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-1358\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2008-8130\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0jpp.2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:49:49", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 1447-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1447-1 (tomcat5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-3382", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60102", "href": "http://plugins.openvas.org/nasl.php?oid=60102", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1447_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1447-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3382\n\nIt was discovered that single quotes (') in cookies were treated\nas a delimiter, which could lead to an information leak.\n\nCVE-2007-3385\n\nIt was discovered that the character sequence \\ in cookies was\nhandled incorrectly, which could lead to an information leak.\n\nCVE-2007-3386\n\nIt was discovered that the host manager servlet performed\ninsufficient input validation, which could lead to cross-site\nscripting.\n\nCVE-2007-5342\n\nIt was discovered that the JULI logging component did not restrict\nits target path, resulting in potential denial of service through\nfile overwrites.\n\nCVE-2007-5461\n\nIt was discovered that the WebDAV servlet is vulnerable to absolute\npath traversal.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.5.20-2etch1.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.5.\n\nThe unstable distribution (sid) will be fixed soon.\n\nWe recommend that you upgrade your tomcat5.5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 1447-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201447-1\";\n\n\nif(description)\n{\n script_id(60102);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5342\", \"CVE-2007-5461\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1447-1 (tomcat5.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.20-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.20-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.20-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.20-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-03-14T18:59:06", "description": "Oracle Linux Local Security Checks ELSA-2007-0569", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0569", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2450", "CVE-2007-2449"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122674", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122674\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:50:51 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0569\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0569 - Moderate: tomcat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0569\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0569.html\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-2450\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-02T21:10:02", "description": "The remote host is missing Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004.\n One or more of the following components are affected:\n\n Alias Manager\n CoreTypes\n c++filt\n Dock\n Launch Services\n Net-SNMP\n Ruby\n SMB File Server\n System Configuration\n Tomcat\n VPN\n WebKit", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355", "CVE-2008-2664", "CVE-2007-6276", "CVE-2007-5333", "CVE-2007-3383", "CVE-2007-3382", "CVE-2008-2311", "CVE-2007-2450", "CVE-2008-0960", "CVE-2008-1145", "CVE-2007-2449", "CVE-2008-2663", "CVE-2005-3164", "CVE-2008-2310", "CVE-2007-5461", "CVE-2008-2725", "CVE-2008-2307", "CVE-2008-2726", "CVE-2008-2314", "CVE-2008-2662", "CVE-2008-1105", "CVE-2007-3385", "CVE-2008-2309", "CVE-2008-2313", "CVE-2008-2308"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102032", "href": "http://plugins.openvas.org/nasl.php?oid=102032", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004\n#\n# LSS-NVT-2010-021\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT2163\";\n\ntag_summary = \"The remote host is missing Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004.\n One or more of the following components are affected:\n\n Alias Manager\n CoreTypes\n c++filt\n Dock\n Launch Services\n Net-SNMP\n Ruby\n SMB File Server\n System Configuration\n Tomcat\n VPN\n WebKit\";\n\n\nif(description)\n{\n script_id(102032);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2008-2308\",\"CVE-2008-2309\",\"CVE-2008-2310\",\"CVE-2008-2314\",\"CVE-2008-2311\",\"CVE-2008-0960\",\"CVE-2008-2662\",\"CVE-2008-2663\",\"CVE-2008-2664\",\"CVE-2008-2725\",\"CVE-2008-2726\",\"CVE-2008-1145\",\"CVE-2008-1105\",\"CVE-2008-2313\",\"CVE-2005-3164\",\"CVE-2007-1355\",\"CVE-2007-2449\",\"CVE-2007-2450\",\"CVE-2007-3382\",\"CVE-2007-3383\",\"CVE-2007-5333\",\"CVE-2007-3385\",\"CVE-2007-5461\",\"CVE-2007-6276\",\"CVE-2008-2307\");\n script_name(\"Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.3\",\"Mac OS X Server 10.5.3\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2008.004\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2008.004\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.3\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.4\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.3\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.4\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:10", "description": "The remote host is missing Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004.", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355", "CVE-2008-2664", "CVE-2007-6276", "CVE-2007-5333", "CVE-2007-3383", "CVE-2007-3382", "CVE-2008-2311", "CVE-2007-2450", "CVE-2008-0960", "CVE-2008-1145", "CVE-2007-2449", "CVE-2008-2663", "CVE-2005-3164", "CVE-2008-2310", "CVE-2007-5461", "CVE-2008-2725", "CVE-2008-2307", "CVE-2008-2726", "CVE-2008-2314", "CVE-2008-2662", "CVE-2008-1105", "CVE-2007-3385", "CVE-2008-2309", "CVE-2008-2313", "CVE-2008-2308"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310102032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102032", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_upd_10_5_4_secupd_2008-004.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004\n#\n# LSS-NVT-2010-021\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102032\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2008-2308\", \"CVE-2008-2309\", \"CVE-2008-2310\", \"CVE-2008-2314\", \"CVE-2008-2311\",\n \"CVE-2008-0960\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\",\n \"CVE-2008-2726\", \"CVE-2008-1145\", \"CVE-2008-1105\", \"CVE-2008-2313\", \"CVE-2005-3164\",\n \"CVE-2007-1355\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3383\",\n \"CVE-2007-5333\", \"CVE-2007-3385\", \"CVE-2007-5461\", \"CVE-2007-6276\", \"CVE-2008-2307\");\n script_name(\"Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[45]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT2163\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Alias Manager\n\n CoreTypes\n\n c++filt\n\n Dock\n\n Launch Services\n\n Net-SNMP\n\n Ruby\n\n SMB File Server\n\n System Configuration\n\n Tomcat\n\n VPN\n\n WebKit\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[45]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.3\",\"Mac OS X Server 10.5.3\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2008.004\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2008.004\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.3\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.4\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.3\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.4\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:58:55", "description": "Oracle Linux Local Security Checks ELSA-2007-0871", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0871", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-3382", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122660", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122660", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122660\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:50:28 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0871\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0871 - Moderate: tomcat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0871\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0871.html\");\n script_cve_id(\"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.3.0.2.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-04-06T11:40:38", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n websphere-as_ce\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Websphere Community Edition", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-0184", "CVE-2007-0185", "CVE-2008-1947", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-5613", "CVE-2007-3386", "CVE-2008-2938", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-2370", "CVE-2007-2377", "CVE-2007-3385", "CVE-2008-1232", "CVE-2007-5615", "CVE-2008-0002"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065836", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065836", "sourceData": "#\n#VID slesp2-websphere-as_ce-5850\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Websphere Community Edition\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n websphere-as_ce\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65836\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-0184\", \"CVE-2007-0185\", \"CVE-2007-2377\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-5613\", \"CVE-2007-5615\", \"CVE-2007-6286\", \"CVE-2008-0002\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for Websphere Community Edition\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"websphere-as_ce\", rpm:\"websphere-as_ce~2.1.0.1~3.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:20", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n websphere-as_ce\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Websphere Community Edition", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-0184", "CVE-2007-0185", "CVE-2008-1947", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-5613", "CVE-2007-3386", "CVE-2008-2938", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-2370", "CVE-2007-2377", "CVE-2007-3385", "CVE-2008-1232", "CVE-2007-5615", "CVE-2008-0002"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65836", "href": "http://plugins.openvas.org/nasl.php?oid=65836", "sourceData": "#\n#VID slesp2-websphere-as_ce-5850\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Websphere Community Edition\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n websphere-as_ce\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65836);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-0184\", \"CVE-2007-0185\", \"CVE-2007-2377\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-5613\", \"CVE-2007-5615\", \"CVE-2007-6286\", \"CVE-2008-0002\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for Websphere Community Edition\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"websphere-as_ce\", rpm:\"websphere-as_ce~2.1.0.1~3.3\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:55", "description": "Check for the Version of Apache", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX02262", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355", "CVE-2005-2090", "CVE-2007-0774", "CVE-2007-2872", "CVE-2007-1860", "CVE-2007-3382", "CVE-2007-2756", "CVE-2007-2450", "CVE-2007-2449", "CVE-2006-5752", "CVE-2007-3386", "CVE-2007-1887", "CVE-2007-0450", "CVE-2007-1900", "CVE-2007-3385", "CVE-2007-1358", "CVE-2007-1863"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835005", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX02262\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote arbitrary code execution\n cross site scripting (XSS)\";\ntag_affected = \"Apache on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache\";\ntag_insight = \"Potential security vulnerabilities have been identified with Apache running \n on HP-UX. The vulnerabilities could be exploited remotely via Cross Site \n Scripting (XSS) to execute arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01178795-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835005\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02262\");\n script_cve_id(\"CVE-2005-2090\", \"CVE-2006-5752\", \"CVE-2007-0450\", \"CVE-2007-0774\", \"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-1860\", \"CVE-2007-1863\", \"CVE-2007-1887\", \"CVE-2007-1900\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-2756\", \"CVE-2007-2872\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_name( \"HP-UX Update for Apache HPSBUX02262\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.59.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:33", "description": "Check for the Version of Apache", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX02262", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355", "CVE-2005-2090", "CVE-2007-0774", "CVE-2007-2872", "CVE-2007-1860", "CVE-2007-3382", "CVE-2007-2756", "CVE-2007-2450", "CVE-2007-2449", "CVE-2006-5752", "CVE-2007-3386", "CVE-2007-1887", "CVE-2007-0450", "CVE-2007-1900", "CVE-2007-3385", "CVE-2007-1358", "CVE-2007-1863"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835005", "href": "http://plugins.openvas.org/nasl.php?oid=835005", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX02262\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote arbitrary code execution\n cross site scripting (XSS)\";\ntag_affected = \"Apache on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache\";\ntag_insight = \"Potential security vulnerabilities have been identified with Apache running \n on HP-UX. The vulnerabilities could be exploited remotely via Cross Site \n Scripting (XSS) to execute arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01178795-2\");\n script_id(835005);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02262\");\n script_cve_id(\"CVE-2005-2090\", \"CVE-2006-5752\", \"CVE-2007-0450\", \"CVE-2007-0774\", \"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-1860\", \"CVE-2007-1863\", \"CVE-2007-1887\", \"CVE-2007-1900\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-2756\", \"CVE-2007-2872\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\");\n script_name( \"HP-UX Update for Apache HPSBUX02262\");\n\n script_summary(\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.59.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:42", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-10.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200804-10 (tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60810", "href": "http://plugins.openvas.org/nasl.php?oid=60810", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Tomcat may lead to local file overwriting,\nsession hijacking or information disclosure.\";\ntag_solution = \"All Tomcat 5.5.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-5.5.26'\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.16'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=196066\nhttp://bugs.gentoo.org/show_bug.cgi?id=203169\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-10.\";\n\n \n\nif(description)\n{\n script_id(60810);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-5333\", \"CVE-2007-5342\", \"CVE-2007-5461\", \"CVE-2007-6286\", \"CVE-2008-0002\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200804-10 (tomcat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 5.5.26\", \"ge 6.0.16\"), vulnerable: make_list(\"lt 6.0.16\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:10", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: apache-tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355"], "modified": "2016-09-15T00:00:00", "id": "OPENVAS:58825", "href": "http://plugins.openvas.org/nasl.php?oid=58825", "sourceData": "#\n#VID ab2575d6-39f0-11dc-b8cc-000fea449b8a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n apache-tomcat\n tomcat\n jakarta-tomcat\n\n=====\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(58825);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-1355\");\n script_bugtraq_id(24058);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: apache-tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache-tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.11\")<0) {\n txt += 'Package apache-tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0.0\")>0 && revcomp(a:bver, b:\"5.5.24\")<0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"jakarta-tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.0.0\")>0 && revcomp(a:bver, b:\"5.5.24\")<0) {\n txt += 'Package jakarta-tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-05-12T17:24:26", "description": "This host is running Apache Tomcat and is prone to Cross Site Scripting\n vulnerability.", "cvss3": {}, "published": "2015-04-15T00:00:00", "type": "openvas", "title": "Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355"], "modified": "2020-05-08T00:00:00", "id": "OPENVAS:1361412562310111014", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310111014", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability\n#\n# Authors:\n# Christian Fischer <info@schutzwerk.com>\n#\n# Copyright:\n# Copyright (C) 2015 SCHUTZWERK GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.111014\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-04-15 07:00:00 +0100 (Wed, 15 Apr 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2007-1355\");\n script_bugtraq_id(24476);\n script_name(\"Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2015 SCHUTZWERK GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"apache/tomcat/http/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/24476/\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-4.html\");\n\n script_tag(name:\"impact\", value:\"Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users\n in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 4.0.1 to 4.0.6, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.23 and 6.0.0 to 6.0.10\");\n\n script_tag(name:\"solution\", value:\"Update your Apache Tomcat to a non-affected version.\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat and is prone to Cross Site Scripting\n vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\n\nif( ! port = get_app_port( cpe:CPE, service:\"www\" ) ) exit( 0 );\nif( ! dir = get_app_location( cpe:CPE, port:port ) ) exit( 0 );\n\nurl = \"/jsp-examples/snp/snoop.jsp;test<script>alert('attack');</script>\";\n\nif( http_vuln_check( port:port, url:url, pattern:\"<script>alert\\('attack'\\);</script>\", extra_check:\"test\", check_header:TRUE ) ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-26T08:56:06", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n apache2-jakarta-tomcat-connectors\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021793 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2090", "CVE-2007-1860", "CVE-2007-3382", "CVE-2008-0128", "CVE-2007-3385", "CVE-2007-5641"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65440", "href": "http://plugins.openvas.org/nasl.php?oid=65440", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021793.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n apache2-jakarta-tomcat-connectors\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021793 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65440);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5641\", \"CVE-2005-2090\", \"CVE-2008-0128\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jakarta-tomcat-doc\", rpm:\"jakarta-tomcat-doc~5.0.19~29.11\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:57", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n apache2-jakarta-tomcat-connectors\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021793 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2090", "CVE-2007-1860", "CVE-2007-3382", "CVE-2008-0128", "CVE-2007-3385", "CVE-2007-5641"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065440", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065440", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021793.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n apache2-jakarta-tomcat-connectors\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021793 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65440\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-1860\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-5641\", \"CVE-2005-2090\", \"CVE-2008-0128\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"jakarta-tomcat-doc\", rpm:\"jakarta-tomcat-doc~5.0.19~29.11\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:52", "description": "The remote host is missing an update to tomcat5\nannounced via advisory MDVSA-2009:018.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:018 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5333"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:63205", "href": "http://plugins.openvas.org/nasl.php?oid=63205", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_018.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:018 (tomcat5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat does not properly handle certain characters in a cookie\nvalue, which could possibly lead to the leak of sensitive information\nsuch as session IDs (CVE-2007-5333).\n\nThe updated packages have been patched to prevent this issue.\n\nAffected: 2008.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:018\";\ntag_summary = \"The remote host is missing an update to tomcat5\nannounced via advisory MDVSA-2009:018.\";\n\n \n\nif(description)\n{\n script_id(63205);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2007-5333\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:018 (tomcat5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:35", "description": "The remote host is missing an update to tomcat5\nannounced via advisory MDVSA-2009:018.", "cvss3": {}, "published": "2009-01-20T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:018 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5333"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063205", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063205", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_018.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:018 (tomcat5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat does not properly handle certain characters in a cookie\nvalue, which could possibly lead to the leak of sensitive information\nsuch as session IDs (CVE-2007-5333).\n\nThe updated packages have been patched to prevent this issue.\n\nAffected: 2008.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:018\";\ntag_summary = \"The remote host is missing an update to tomcat5\nannounced via advisory MDVSA-2009:018.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63205\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2007-5333\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:018 (tomcat5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1.2.1.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-03-14T19:00:11", "description": "Oracle Linux Local Security Checks ELSA-2008-0042", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0042", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122603", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122603\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:05 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0042\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0042 - Moderate: tomcat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0042\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0042.html\");\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5461\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.3.0.3.el5_1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-27T10:55:58", "description": "Check for the Version of tomcat", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2008:0042-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870029", "href": "http://plugins.openvas.org/nasl.php?oid=870029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat RHSA-2008:0042-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is a servlet container for Java Servlet and JavaServer Pages\n technologies.\n\n A directory traversal vulnerability existed in the Apache Tomcat webdav\n servlet. In some configurations it allowed remote authenticated users to\n read files accessible to the local tomcat process. (CVE-2007-5461)\n\n The default security policy in the JULI logging component did not restrict\n access permissions to files. This could be misused by untrusted web\n applications to access and write arbitrary files in the context of the\n tomcat process. (CVE-2007-5342)\n\n Users of Tomcat should update to these errata packages, which contain\n backported patches and are not vulnerable to these issues.\";\n\ntag_affected = \"tomcat on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00005.html\");\n script_id(870029);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2008:0042-01\");\n script_cve_id(\"CVE-2007-5461\", \"CVE-2007-5342\");\n script_name( \"RedHat Update for tomcat RHSA-2008:0042-01\");\n\n script_summary(\"Check for the Version of tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:39:28", "description": "Check for the Version of tomcat", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2008:0042-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat RHSA-2008:0042-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is a servlet container for Java Servlet and JavaServer Pages\n technologies.\n\n A directory traversal vulnerability existed in the Apache Tomcat webdav\n servlet. In some configurations it allowed remote authenticated users to\n read files accessible to the local tomcat process. (CVE-2007-5461)\n\n The default security policy in the JULI logging component did not restrict\n access permissions to files. This could be misused by untrusted web\n applications to access and write arbitrary files in the context of the\n tomcat process. (CVE-2007-5342)\n\n Users of Tomcat should update to these errata packages, which contain\n backported patches and are not vulnerable to these issues.\";\n\ntag_affected = \"tomcat on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00005.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870029\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2008:0042-01\");\n script_cve_id(\"CVE-2007-5461\", \"CVE-2007-5342\");\n script_name( \"RedHat Update for tomcat RHSA-2008:0042-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.3.0.3.el5_1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:56:22", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Tomcat 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65993", "href": "http://plugins.openvas.org/nasl.php?oid=65993", "sourceData": "#\n#VID slesp1-tomcat5-5070\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Tomcat 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65993);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-1858\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES10: Security update for Tomcat 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:15", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023110 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065285", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065285", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023110.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023110 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65285\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-1858\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-jakarta-tomcat-connectors\", rpm:\"apache2-jakarta-tomcat-connectors~5.0.19~29.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:42", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Tomcat 5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065993", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065993", "sourceData": "#\n#VID slesp1-tomcat5-5070\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Tomcat 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65993\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-1858\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES10: Security update for Tomcat 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:11", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023110 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65285", "href": "http://plugins.openvas.org/nasl.php?oid=65285", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023110.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023110 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65285);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-1858\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-jakarta-tomcat-connectors\", rpm:\"apache2-jakarta-tomcat-connectors~5.0.19~29.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:20", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 1468-1.", "cvss3": {}, "published": "2008-01-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1468-1 (tomcat5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2450", "CVE-2008-0128"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60212", "href": "http://plugins.openvas.org/nasl.php?oid=60212", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1468_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1468-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2008-0128\n\nOlaf Kock discovered that HTTPS encryption was insufficiently\nenforced for single-sign-on cookies, which could result in\ninformation disclosure.\n\nCVE-2007-2450\n\nIt was discovered that the Manager and Host Manager web applications\nperformed insufficient input sanitising, which could lead to cross-\nsite scripting.\n\nThis update also adapts the tomcat5.5-webapps package to the tightened\nJULI permissions introduced in the previous tomcat5.5 DSA. However, it\nshould be noted, that the tomcat5.5-webapps is for demonstration and\ndocumentation purposes only and should not be used for production\nsystems.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.5.20-2etch2.\n\nThe old stable distribution (sarge) doesn't contain tomcat5.5.\n\nWe recommend that you upgrade your tomcat5.5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 1468-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201468-1\";\n\n\nif(description)\n{\n script_id(60212);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-31 16:11:48 +0100 (Thu, 31 Jan 2008)\");\n script_cve_id(\"CVE-2008-0128\", \"CVE-2007-2450\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1468-1 (tomcat5.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.20-2etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.20-2etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.20-2etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.20-2etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-04T11:29:31", "description": "The remote host is missing an update to ktorrent\nannounced via advisory USN-711-1.", "cvss3": {}, "published": "2009-02-02T00:00:00", "type": "openvas", "title": "Ubuntu USN-711-1 (ktorrent)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355", "CVE-2008-3358", "CVE-2005-2090", "CVE-2009-0135", "CVE-2008-5359", "CVE-2008-5349", "CVE-2007-3382", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5360", "CVE-2008-5358", "CVE-2008-5906", "CVE-2007-2450", "CVE-2008-5905", "CVE-2007-2449", "CVE-2008-5353", "CVE-2009-0136", "CVE-2007-3386", "CVE-2008-4101", "CVE-2006-7195", "CVE-2008-5350", "CVE-2008-5347", "CVE-2008-5354", "CVE-2007-0450", "CVE-2008-0128", "CVE-2009-0042", "CVE-2006-7196", "CVE-2007-3385", "CVE-2005-3510", "CVE-2007-1358", "CVE-2008-5351", "CVE-2008-2712", "CVE-2007-1858", "CVE-2006-3835"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63306", "href": "http://plugins.openvas.org/nasl.php?oid=63306", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_711_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_711_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-711-1 (ktorrent)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 7.10:\n ktorrent 2.2.1-0ubuntu3.1\n\nUbuntu 8.04 LTS:\n ktorrent 2.2.5-0ubuntu1.1\n\nUbuntu 8.10:\n ktorrent 3.1.2+dfsg.1-0ubuntu2.1\n\nAfter a standard system upgrade you need to restart KTorrent to effect\nthe necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-711-1\";\n\ntag_insight = \"It was discovered that KTorrent did not properly restrict access when using the\nweb interface plugin. A remote attacker could use a crafted http request and\nupload arbitrary torrent files to trigger the start of downloads and seeding.\n(CVE-2008-5905)\n\nIt was discovered that KTorrent did not properly handle certain parameters when\nusing the web interface plugin. A remote attacker could use crafted http\nrequests to execute arbitrary PHP code. (CVE-2008-5906)\";\ntag_summary = \"The remote host is missing an update to ktorrent\nannounced via advisory USN-711-1.\";\n\n \n\n\nif(description)\n{\n script_id(63306);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2008-5905\", \"CVE-2008-5906\", \"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2005-2090\", \"CVE-2005-3510\", \"CVE-2006-3835\", \"CVE-2006-7195\", \"CVE-2006-7196\", \"CVE-2007-0450\", \"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-1858\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2008-0128\", \"CVE-2008-3358\", \"CVE-2009-0042\", \"CVE-2009-0135\", \"CVE-2009-0136\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-711-1 (ktorrent)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-711-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ktorrent\", ver:\"2.2.1-0ubuntu3.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ktorrent\", ver:\"2.2.5-0ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ktorrent-dbg\", ver:\"3.1.2+dfsg.1-0ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ktorrent\", ver:\"3.1.2+dfsg.1-0ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.1-056+2ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-nox\", ver:\"7.1-138+1ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-full\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-perl\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-python\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-ruby\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tcl\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-dbg\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gtk\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-nox\", ver:\"7.1.314-3ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-doc\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-source-files\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedtea6-plugin\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-dbg\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-demo\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jdk\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b12-0ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:41", "description": "The remote host is missing an update to vim\nannounced via advisory USN-712-1.", "cvss3": {}, "published": "2009-02-02T00:00:00", "type": "openvas", "title": "Ubuntu USN-712-1 (vim)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1355", "CVE-2008-3358", "CVE-2005-2090", "CVE-2009-0135", "CVE-2008-5359", "CVE-2008-5349", "CVE-2007-3382", "CVE-2008-5352", "CVE-2008-5348", "CVE-2008-5360", "CVE-2008-5358", "CVE-2007-2450", "CVE-2007-2449", "CVE-2008-5353", "CVE-2009-0136", "CVE-2007-3386", "CVE-2008-4101", "CVE-2006-7195", "CVE-2008-5350", "CVE-2008-5347", "CVE-2008-5354", "CVE-2007-0450", "CVE-2008-0128", "CVE-2009-0042", "CVE-2006-7196", "CVE-2007-3385", "CVE-2005-3510", "CVE-2007-1358", "CVE-2008-5351", "CVE-2008-2712", "CVE-2007-1858", "CVE-2006-3835"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:63307", "href": "http://plugins.openvas.org/nasl.php?oid=63307", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_712_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_712_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-712-1 (vim)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n vim 1:6.4-006+2ubuntu6.2\n vim-runtime 1:6.4-006+2ubuntu6.2\n\nUbuntu 7.10:\n vim 1:7.1-056+2ubuntu2.1\n vim-runtime 1:7.1-056+2ubuntu2.1\n\nUbuntu 8.04 LTS:\n vim 1:7.1-138+1ubuntu3.1\n vim-runtime 1:7.1-138+1ubuntu3.1\n\nUbuntu 8.10:\n vim 1:7.1.314-3ubuntu3.1\n vim-runtime 1:7.1.314-3ubuntu3.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-712-1\";\n\ntag_insight = \"Jan Minar discovered that Vim did not properly sanitize inputs before invoking\nthe execute or system functions inside Vim scripts. If a user were tricked\ninto running Vim scripts with a specially crafted input, an attacker could\nexecute arbitrary code with the privileges of the user invoking the program.\n(CVE-2008-2712)\n\nBen Schmidt discovered that Vim did not properly escape characters when\nperforming keyword or tag lookups. If a user were tricked into running specially\ncrafted commands, an attacker could execute arbitrary code with the privileges\nof the user invoking the program. (CVE-2008-4101)\";\ntag_summary = \"The remote host is missing an update to vim\nannounced via advisory USN-712-1.\";\n\n \n\n\nif(description)\n{\n script_id(63307);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2008-2712\", \"CVE-2008-4101\", \"CVE-2005-2090\", \"CVE-2005-3510\", \"CVE-2006-3835\", \"CVE-2006-7195\", \"CVE-2006-7196\", \"CVE-2007-0450\", \"CVE-2007-1355\", \"CVE-2007-1358\", \"CVE-2007-1858\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2008-0128\", \"CVE-2008-3358\", \"CVE-2009-0042\", \"CVE-2009-0135\", \"CVE-2009-0136\", \"CVE-2008-5347\", \"CVE-2008-5348\", \"CVE-2008-5349\", \"CVE-2008-5350\", \"CVE-2008-5351\", \"CVE-2008-5352\", \"CVE-2008-5353\", \"CVE-2008-5354\", \"CVE-2008-5358\", \"CVE-2008-5359\", \"CVE-2008-5360\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-712-1 (vim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-712-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"vim-doc\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-runtime\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-common\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gnome\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-gui-common\", ver:\"6.4-006+2ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vim-tiny\", ve