**Important: Denial of service** [CVE-2012-0022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>)
Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.
This was fixed in revisions [1221282](<https://svn.apache.org/viewvc?view=rev&rev=1221282>), [1224640](<https://svn.apache.org/viewvc?view=rev&rev=1224640>) and [1228191](<https://svn.apache.org/viewvc?view=rev&rev=1228191>).
This was identified by the Tomcat security team on 21 October 2011 and made public on 17 January 2012.
Affects: 5.5.0-5.5.34
{"id": "TOMCAT:5CF1AC4DD8BA54DDC8B420B82C25DBD7", "vendorId": null, "type": "tomcat", "bulletinFamily": "software", "title": "Fixed in Apache Tomcat 5.5.35", "description": "**Important: Denial of service** [CVE-2012-0022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>)\n\nAnalysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.\n\nThis was fixed in revisions [1221282](<https://svn.apache.org/viewvc?view=rev&rev=1221282>), [1224640](<https://svn.apache.org/viewvc?view=rev&rev=1224640>) and [1228191](<https://svn.apache.org/viewvc?view=rev&rev=1228191>).\n\nThis was identified by the Tomcat security team on 21 October 2011 and made public on 17 January 2012.\n\nAffects: 5.5.0-5.5.34", "published": "2012-01-16T00:00:00", "modified": "2012-01-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.35", "reporter": "Apache Tomcat", "references": [], "cvelist": ["CVE-2012-0022"], "immutableFields": [], "lastseen": "2021-12-30T15:23:05", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2012:0474", "CESA-2012:0475"]}, {"type": "cve", "idList": ["CVE-2012-0022"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2401-1:5C59D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-0022"]}, {"type": "freebsd", "idList": ["7F5CCB1D-439B-11E1-BC16-0023AE8E59F0"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}, {"type": "github", "idList": ["GHSA-8H2Q-QM9X-55JC"]}, {"type": "ibm", "idList": ["B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "C3B24D9C073C7840B6F13827EE7743D35E733053B2442D8C8AD0A06EAEC3B9DA"]}, {"type": "nessus", "idList": ["6331.PASL", "6332.PASL", "6334.PASL", "800607.PRM", "800616.PRM", "800626.PRM", "CENTOS_RHSA-2012-0474.NASL", "CENTOS_RHSA-2012-0475.NASL", "DEBIAN_DSA-2401.NASL", "FREEBSD_PKG_7F5CCB1D439B11E1BC160023AE8E59F0.NASL", "GENTOO_GLSA-201206-24.NASL", "JUNIPER_NSM_2012_2_R5.NASL", "MANDRIVA_MDVSA-2012-085.NASL", "ORACLELINUX_ELSA-2012-0474.NASL", "ORACLELINUX_ELSA-2012-0475.NASL", "REDHAT-RHSA-2012-0074.NASL", "REDHAT-RHSA-2012-0474.NASL", "REDHAT-RHSA-2012-0475.NASL", "REDHAT-RHSA-2012-0680.NASL", "REDHAT-RHSA-2012-0682.NASL", "SL_20120411_TOMCAT5_ON_SL5_X.NASL", "SL_20120411_TOMCAT6_ON_SL6.NASL", "SOLARIS11_TOMCAT_20120405.NASL", "SUSE_11_TOMCAT6-130802.NASL", "TOMCAT_5_5_35.NASL", "TOMCAT_6_0_35.NASL", "TOMCAT_7_0_23.NASL", "UBUNTU_USN-1359-1.NASL", "VMWARE_VCENTER_VMSA-2012-0005.NASL", "VMWARE_VMSA-2012-0005.NASL", "VMWARE_VMSA-2012-0005_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103457", "OPENVAS:1361412562310103457", "OPENVAS:1361412562310123938", "OPENVAS:1361412562310123939", "OPENVAS:136141256231070718", "OPENVAS:136141256231070752", "OPENVAS:136141256231071550", "OPENVAS:1361412562310802384", "OPENVAS:1361412562310831618", "OPENVAS:1361412562310840899", "OPENVAS:1361412562310870585", "OPENVAS:1361412562310870714", "OPENVAS:1361412562310881065", "OPENVAS:1361412562310881140", "OPENVAS:70718", "OPENVAS:70752", "OPENVAS:71550", "OPENVAS:831618", "OPENVAS:840899", "OPENVAS:870585", "OPENVAS:870714", "OPENVAS:881065", "OPENVAS:881140"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2013-1515902"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0474", "ELSA-2012-0475"]}, {"type": "osv", "idList": ["OSV:DSA-2401-1", "OSV:GHSA-8H2Q-QM9X-55JC"]}, {"type": "redhat", "idList": ["RHSA-2012:0074", "RHSA-2012:0075", "RHSA-2012:0076", "RHSA-2012:0474", "RHSA-2012:0475", "RHSA-2012:0679", "RHSA-2012:0680", "RHSA-2012:0681", "RHSA-2012:0682", "RHSA-2012:1331"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27826", "SECURITYVULNS:VULN:12149", "SECURITYVULNS:VULN:12279", "SECURITYVULNS:VULN:12836"]}, {"type": "seebug", "idList": ["SSV:30033"]}, {"type": "tomcat", "idList": ["TOMCAT:15CD6728C2514DB3DDC5BB2791C15B30", "TOMCAT:B381EB137FE969CF22F68315CBD8CA51"]}, {"type": "ubuntu", "idList": ["USN-1359-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-4858", "UB:CVE-2012-0022"]}, {"type": "vmware", "idList": ["VMSA-2012-0005", "VMSA-2012-0005.4"]}]}, "score": {"value": 4.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2012:0474", "CESA-2012:0475"]}, {"type": "cve", "idList": ["CVE-2012-0022"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2401-1:5C59D"]}, {"type": "freebsd", "idList": ["7F5CCB1D-439B-11E1-BC16-0023AE8E59F0"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2012-0680.NASL", "TOMCAT_ERROR_VERSION.NASL", "VMWARE_VMSA-2012-0005_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310840899", "OPENVAS:831618"]}, {"type": "redhat", "idList": ["RHSA-2012:0075", "RHSA-2012:0076", "RHSA-2012:0475"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12149"]}, {"type": "tomcat", "idList": ["TOMCAT:B381EB137FE969CF22F68315CBD8CA51"]}, {"type": "ubuntu", "idList": ["USN-1359-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-0022"]}, {"type": "vmware", "idList": ["VMSA-2012-0005"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "apache tomcat", "version": 5}, {"name": "apache tomcat", "version": 5}]}, "vulnersScore": 4.6}, "affectedSoftware": [{"operator": "ge", "version": "5.5.0", "name": "apache tomcat"}, {"version": "5.5.34", "operator": "le", "name": "apache tomcat"}], "_state": {"dependencies": 1659988328, "score": 1659915622, "affected_software_major_version": 1666691171}, "_internal": {"score_hash": "04d3861693f72123098ca22a41d4694f"}}
{"nessus": [{"lastseen": "2023-01-11T14:20:09", "description": "The Tomcat security team reports :\n\nAnalysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.", "cvss3": {}, "published": "2012-01-23T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- Denial of Service (7f5ccb1d-439b-11e1-bc16-0023ae8e59f0)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7F5CCB1D439B11E1BC160023AE8E59F0.NASL", "href": "https://www.tenable.com/plugins/nessus/57629", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57629);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0022\");\n\n script_name(english:\"FreeBSD : tomcat -- Denial of Service (7f5ccb1d-439b-11e1-bc16-0023ae8e59f0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tomcat security team reports :\n\nAnalysis of the recent hash collision vulnerability identified\nunrelated inefficiencies with Apache Tomcat's handling of large\nnumbers of parameters and parameter values. These inefficiencies could\nallow an attacker, via a specially crafted request, to cause large\namounts of CPU to be used which in turn could create a denial of\nservice. The issue was addressed by modifying the Tomcat parameter\nhandling code to efficiently process large numbers of parameters and\nparameter values.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.35\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.23\"\n );\n # https://vuxml.freebsd.org/freebsd/7f5ccb1d-439b-11e1-bc16-0023ae8e59f0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?420a304e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>5.5.0<5.5.35\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>6.0.0<6.0.34\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>7.0.0<7.0.23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:49:23", "description": "From Red Hat Security Advisory 2012:0474 :\n\nUpdated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat5 (ELSA-2012-0474)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/68510", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0474 and \n# Oracle Linux Security Advisory ELSA-2012-0474 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68510);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0474\");\n\n script_name(english:\"Oracle Linux 5 : tomcat5 (ELSA-2012-0474)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0474 :\n\nUpdated tomcat5 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002743.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:48:51", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. (CVE-2011-4858)\n\n - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.\n (CVE-2012-0022)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : tomcat (multiple_denial_of_service_dos)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.0", "p-cpe:/a:oracle:solaris:tomcat"], "id": "SOLARIS11_TOMCAT_20120405.NASL", "href": "https://www.tenable.com/plugins/nessus/80790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80790);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : tomcat (multiple_denial_of_service_dos)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x\n before 7.0.23 computes hash values for form parameters\n without restricting the ability to trigger hash\n collisions predictably, which allows remote attackers to\n cause a denial of service (CPU consumption) by sending\n many crafted parameters. (CVE-2011-4858)\n\n - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34,\n and 7.x before 7.0.23 uses an inefficient approach for\n handling parameters, which allows remote attackers to\n cause a denial of service (CPU consumption) via a\n request that contains many parameters and parameter\n values, a different vulnerability than CVE-2011-4858.\n (CVE-2012-0022)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-dos-vulnerabilities-in-apache-tomcat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18858603\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:tomcat\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^tomcat$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.4.0.5.0\", sru:\"SRU 4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : tomcat\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"tomcat\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:23:00", "description": "Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-04-16T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2012:0475)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0475.NASL", "href": "https://www.tenable.com/plugins/nessus/58752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0475 and \n# CentOS Errata and Security Advisory 2012:0475 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58752);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0475\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2012:0475)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018571.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50843d01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4858\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-36.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:23:18", "description": "Updated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat5 (RHSA-2012:0474)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/58718", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0474. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58718);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0474\");\n\n script_name(english:\"RHEL 5 : tomcat5 (RHSA-2012:0474)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0022\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0474\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:23:48", "description": "A vulnerability has been discovered and corrected in tomcat5 :\n\nApache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858 (CVE-2012-0022).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {}, "published": "2012-05-31T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2012:085)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2012-085.NASL", "href": "https://www.tenable.com/plugins/nessus/59315", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:085. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59315);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-0022\");\n script_bugtraq_id(51447);\n script_xref(name:\"MDVSA\", value:\"2012:085\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2012:085)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in tomcat5 :\n\nApache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before\n7.0.23 uses an inefficient approach for handling parameters, which\nallows remote attackers to cause a denial of service (CPU consumption)\nvia a request that contains many parameters and parameter values, a\ndifferent vulnerability than CVE-2011-4858 (CVE-2012-0022).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-admin-webapps-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-common-lib-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-eclipse-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-javadoc-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-server-lib-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-webapps-5.5.28-0.5.0.4mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:26:55", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022) \n\nUsers of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20120411)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat5", "p-cpe:/a:fermilab:scientific_linux:tomcat5-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat5-common-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat5-debuginfo", "p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper", "p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat5-server-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat5-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120411_TOMCAT5_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61299);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20120411)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022) \n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=1225\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60109485\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-debuginfo-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:23:08", "description": "Updated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat5 (CESA-2012:0474)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-0474.NASL", "href": "https://www.tenable.com/plugins/nessus/58685", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0474 and \n# CentOS Errata and Security Advisory 2012:0474 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58685);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0474\");\n\n script_name(english:\"CentOS 5 : tomcat5 (CESA-2012:0474)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-April/018570.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6249cbc3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4858\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.31.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.31.el5_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:19:55", "description": "According to its self-reported version number, the instance of Apache Tomcat 5.x listening on the remote host is prior to 5.5.35. It is, therefore, affected by a denial of service vulnerability.\n\nLarge numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2012-01-13T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.x < 5.5.35 Hash Collision Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_5_5_35.NASL", "href": "https://www.tenable.com/plugins/nessus/57540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57540);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51447);\n script_xref(name:\"CERT\", value:\"903934\");\n\n script_name(english:\"Apache Tomcat 5.x < 5.5.35 Hash Collision Denial of Service\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a denial of service vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 5.x listening on the remote host is prior to 5.5.35. It is,\ntherefore, affected by a denial of service vulnerability.\n\nLarge numbers of crafted form parameters can cause excessive CPU\nconsumption due to hash collisions.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n # http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3C4EFB9800.5010106%40apache.org%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d97dc97c\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nruns.com/_downloads/advisory28122011.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.35\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tomcat 5.5.35 or later. Alternatively, as a workaround, set\nthe 'maxPostSize' configuration variable to the lowest sensible value\nrequired to support your hosted applications.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4858\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"5.5.35\", min:\"5.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^5(\\.5)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:26:55", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022) \n\nUsers of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (20120411)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120411_TOMCAT6_ON_SL6.NASL", "href": "https://www.tenable.com/plugins/nessus/61300", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61300);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (20120411)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022) \n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=1107\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abd1b6da\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-36.el6_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:58", "description": "Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-04-12T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2012:0475)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2012-0475.NASL", "href": "https://www.tenable.com/plugins/nessus/58719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0475. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58719);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0475\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2012:0475)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0022\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0475\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-36.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-36.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-36.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-36.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-36.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-36.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-36.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-36.el6_2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-36.el6_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:56:36", "description": "From Red Hat Security Advisory 2012:0475 :\n\nUpdated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2012-0475)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0475.NASL", "href": "https://www.tenable.com/plugins/nessus/68511", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0475 and \n# Oracle Linux Security Advisory ELSA-2012-0475 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68511);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0475\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2012-0475)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0475 :\n\nUpdated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-April/002741.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-36.el6_2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-36.el6_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:20:17", "description": "Versions of Tomcat 5.x earlier than 5.5.35 are potentially affected by a denial of service vulnerability. Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions.", "cvss3": {}, "published": "2012-02-22T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.35 Hash Collision Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-02-22T00:00:00", "cpe": [], "id": "800626.PRM", "href": "https://www.tenable.com/plugins/lce/800626", "sourceData": "Binary data 800626.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:20:18", "description": "Versions of Tomcat 7.0.x earlier than 7.0.23 are potentially affected by a denial of service vulnerability. Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions.", "cvss3": {}, "published": "2012-02-22T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.23 Hash Collision Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-02-22T00:00:00", "cpe": [], "id": "800616.PRM", "href": "https://www.tenable.com/plugins/lce/800616", "sourceData": "Binary data 800616.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:20:29", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.23. It is, therefore, affected by a denial of service vulnerability.\n\nLarge numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions.\n\nNote that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2012-02-22T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.23 Hash Collision DoS", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "6334.PASL", "href": "https://www.tenable.com/plugins/nnm/6334", "sourceData": "Binary data 6334.pasl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:20:32", "description": "According to its self-reported version number, the instance of Apache Tomcat 5.x listening on the remote host is prior to 5.5.35. It is, therefore, affected by a denial of service vulnerability.\n\nLarge numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions.\n\nNote that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2012-02-22T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.35 Hash Collision Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "6331.PASL", "href": "https://www.tenable.com/plugins/nnm/6331", "sourceData": "Binary data 6331.pasl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:20:09", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.23. It is, therefore, affected by a denial of service vulnerability.\n\nLarge numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2012-01-13T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.x < 7.0.23 Hash Collision DoS", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_23.NASL", "href": "https://www.tenable.com/plugins/nessus/57541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57541);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51447);\n script_xref(name:\"CERT\", value:\"903934\");\n\n script_name(english:\"Apache Tomcat 7.x < 7.0.23 Hash Collision DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.x listening on the remote host is prior to 7.0.23. It is,\ntherefore, affected by a denial of service vulnerability.\n\nLarge numbers of crafted form parameters can cause excessive CPU\nconsumption due to hash collisions.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n # http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3C4EFB9800.5010106%40apache.org%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d97dc97c\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nruns.com/_downloads/advisory28122011.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.23\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.23 or later. Alternatively, as a\nworkaround, set the 'maxPostSize' configuration variable to the lowest\nsensible value required to support your hosted applications.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4858\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.23\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:47:43", "description": "The version of VMware vCenter Server installed on the remote host is 4.0 before Update 4a, 4.1 before Update 3, or 5.0 before Update 1. As such it is potentially affected by multiple vulnerabilities in the embedded Apache Tomcat server and the Oracle (Sun) Java Runtime Environment.", "cvss3": {}, "published": "2013-06-05T00:00:00", "type": "nessus", "title": "VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3190", "CVE-2011-3375", "CVE-2012-0022"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_server"], "id": "VMWARE_VCENTER_VMSA-2012-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/66812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"nasl_level\") || nasl_level() < 5000) exit(0, \"Nessus older than 5.x\");\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66812);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2012-0022\");\n script_bugtraq_id(49353, 51442, 51447);\n script_xref(name:\"VMSA\", value:\"2012-0005\");\n\n script_name(english:\"VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005)\");\n script_summary(english:\"Checks version of VMware vCenter Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization management application installed\nthat is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter Server installed on the remote host is\n4.0 before Update 4a, 4.1 before Update 3, or 5.0 before Update 1. As\nsuch it is potentially affected by multiple vulnerabilities in the\nembedded Apache Tomcat server and the Oracle (Sun) Java Runtime\nEnvironment.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0005.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2012/000198.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Server 4.0 Update 4a / 4.1 Update 3 / or 5.0\nUpdate 1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vcenter_detect.nbin\");\n script_require_keys(\"Host/VMware/vCenter\", \"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit(\"Host/VMware/vCenter\");\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\n\nfixversion = \"\";\nif (version =~ '^VMware vCenter 4\\\\.0$')\n{\n build = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\n # Make sure we extracted the build number correctly\n if (build =~ '^[0-9]+$')\n {\n if (int(build) < 818020) fixversion = '4.0.0 build-818020';\n }\n else exit(1, 'Failed to extract the build number from the release string.');\n}\nelse if (version =~ '^VMware vCenter 4\\\\.1$')\n{\n build = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\n # Make sure we extracted the build number correctly\n if (build =~ '^[0-9]+$')\n {\n if (int(build) < 799345) fixversion = '4.1.0 build-799345';\n }\n else exit(1, 'Failed to extract the build number from the release string.');\n}\nelse if (version =~ '^VMware vCenter 5\\\\.0$')\n{\n build = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\n # Make sure we extracted the build number correctly\n if (build =~ '^[0-9]+$')\n {\n if (int(build) < 623373) fixversion = '5.0.0 build-623373';\n }\n else exit(1, 'Failed to extract the build number from the release string.');\n}\n\nif (fixversion)\n{\n if (report_verbosity > 0)\n {\n release = release - 'VMware vCenter Server ';\n report =\n '\\n Installed version : ' + release +\n '\\n Fixed version : ' + fixversion + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n release = release - 'VMware vCenter Server ';\n audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter Server', port, release);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:20:56", "description": "It was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10.\n(CVE-2011-3375)\n\nIt was discovered that Tomcat computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by sending many crafted parameters. (CVE-2011-4858)\n\nIt was discovered that Tomcat incorrectly handled parameters. A remote attacker could cause a denial of service by sending requests with a large number of parameters and values. (CVE-2012-0022).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-02-14T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1359-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3375", "CVE-2011-4858", "CVE-2012-0022"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1359-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1359-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57933);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2012-0022\");\n script_bugtraq_id(51200, 51442, 51447);\n script_xref(name:\"USN\", value:\"1359-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1359-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat incorrectly performed certain caching\nand recycling operations. A remote attacker could use this flaw to\nobtain read access to IP address and HTTP header information in\ncertain cases. This issue only applied to Ubuntu 11.10.\n(CVE-2011-3375)\n\nIt was discovered that Tomcat computed hash values for form parameters\nwithout restricting the ability to trigger hash collisions\npredictably. A remote attacker could cause a denial of service by\nsending many crafted parameters. (CVE-2011-4858)\n\nIt was discovered that Tomcat incorrectly handled parameters. A remote\nattacker could cause a denial of service by sending requests with a\nlarge number of parameters and values. (CVE-2012-0022).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1359-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtomcat6-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.10\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.28-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.28-10ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.32-5ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:57:43", "description": "This update of tomcat6 fixes :\n\n - apache-tomcat-CVE-2012-3544.patch. (bnc#831119)\n\n - use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976)\n\n - Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 ) bnc#804992 (patch from m407)\n\n - fix a typo in initscript. (bnc#768772)\n\n - copy all shell scripts (bnc#818948)", "cvss3": {}, "published": "2013-08-23T00:00:00", "type": "nessus", "title": "SuSE 11.2 / 11.3 Security Update : tomcat6 (SAT Patch Numbers 8155 / 8156)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022", "CVE-2012-3544", "CVE-2013-1976"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:tomcat6", "p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps", "p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp", "p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc", "p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:suse_linux:11:tomcat6-lib", "p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:suse_linux:11:tomcat6-webapps", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_TOMCAT6-130802.NASL", "href": "https://www.tenable.com/plugins/nessus/69458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69458);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0022\", \"CVE-2012-3544\", \"CVE-2013-1976\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : tomcat6 (SAT Patch Numbers 8155 / 8156)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat6 fixes :\n\n - apache-tomcat-CVE-2012-3544.patch. (bnc#831119)\n\n - use chown --no-dereference to prevent symlink attacks on\n log (bnc#822177#c7/prevents CVE-2013-1976)\n\n - Fix tomcat init scripts generating malformed classpath (\n http://youtrack.jetbrains.com/issue/JT-18545 )\n bnc#804992 (patch from m407)\n\n - fix a typo in initscript. (bnc#768772)\n\n - copy all shell scripts (bnc#818948)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=768772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=804992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=818948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3544.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1976.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8155 / 8156 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-admin-webapps-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-docs-webapp-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-javadoc-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-jsp-2_1-api-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-lib-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-servlet-2_5-api-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-webapps-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-admin-webapps-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-docs-webapp-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-javadoc-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-jsp-2_1-api-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-lib-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-servlet-2_5-api-6.0.18-20.35.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-webapps-6.0.18-20.35.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:20:16", "description": "Versions of Apache Tomcat 6.0.35 are potentially affected by multiple vulnerabilities :\n\n - Specially crafted requests are incorrectly processed by Tomcat and can cause the server to allow injection of arbitrary AJP messages. This can lead to authentication bypass and disclosure of sensitive information. Note this vulnerability only occurs when the following are true (CVE-2011-3190):\n\n - the org.apache.jk.server.JkCoyoteHandler AJP connector is not used.\n - POST requests are accepted.\n - Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. (CVE-2011-4858, CVE-2012-0022)\nIAVB Reference : 2012-B-0035\nSTIG Finding Severity : Category I", "cvss3": {}, "published": "2012-02-22T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-02-22T00:00:00", "cpe": [], "id": "800607.PRM", "href": "https://www.tenable.com/plugins/lce/800607", "sourceData": "Binary data 800607.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:20:28", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.35. It is, therefore, affected by multiple vulnerabilities:\n\n - Specially crafted requests are incorrectly processed by Tomcat and can cause the server to allow injection of arbitrary AJP messages. This can lead to authentication bypass and disclosure of sensitive information. (CVE-2011-3190)\n\n - An information disclosure vulnerability exists. Request information is cached in two objects and these objects are not recycled at the same time. Further requests can obtain sensitive information if certain error conditions occur. (CVE-2011-3375)\n\n - Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. (CVE-2011-4858, CVE-2012-0022)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2012-02-22T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2012-0022"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "6332.PASL", "href": "https://www.tenable.com/plugins/nnm/6332", "sourceData": "Binary data 6332.pasl", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:39:36", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.35. It is, therefore, affected by multiple vulnerabilities :\n\n - Specially crafted requests are incorrectly processed by Tomcat and can cause the server to allow injection of arbitrary AJP messages. This can lead to authentication bypass and disclosure of sensitive information. (CVE-2011-3190)\n\n - An information disclosure vulnerability exists. Request information is cached in two objects and these objects are not recycled at the same time. Further requests can obtain sensitive information if certain error conditions occur. (CVE-2011-3375)\n\n - Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions.\n (CVE-2011-4858, CVE-2012-0022)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-12-12T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2012-0022"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_35.NASL", "href": "https://www.tenable.com/plugins/nessus/57080", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57080);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2011-3190\",\n \"CVE-2011-3375\",\n \"CVE-2011-4858\",\n \"CVE-2012-0022\"\n );\n script_bugtraq_id(\n 49353,\n 51200,\n 51442,\n 51447\n );\n script_xref(name:\"CERT\", value:\"903934\");\n\n script_name(english:\"Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.x listening on the remote host is prior to 6.0.35. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Specially crafted requests are incorrectly processed\n by Tomcat and can cause the server to allow injection\n of arbitrary AJP messages. This can lead to\n authentication bypass and disclosure of sensitive\n information. (CVE-2011-3190)\n\n - An information disclosure vulnerability exists. Request\n information is cached in two objects and these objects\n are not recycled at the same time. Further requests can\n obtain sensitive information if certain error conditions\n occur. (CVE-2011-3375)\n\n - Large numbers of crafted form parameters can cause\n excessive CPU consumption due to hash collisions.\n (CVE-2011-4858, CVE-2012-0022)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=51698#c2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://svn.apache.org/viewvc?view=revision&revision=1162959\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.35\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nruns.com/_downloads/advisory28122011.pdf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.35 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3190\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.35\", min:\"6.0.0\", severity:SECURITY_HOLE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:01:40", "description": "According to the version of one or more Juniper NSM servers running on the remote host, it is potentially affected by the following vulnerabilities related to the included Apache Tomcat version :\n\n - An error exists related to handling requests containing several parameters that could allow denial of service attacks. (CVE-2012-0022)\n\n - An error exists related to handling partial HTTP requests that could allow denial of service attacks.\n (CVE-2012-5568)\n\n - Errors exist related to handling DIGEST authentication that could allow security mechanisms to be bypassed.\n (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)", "cvss3": {}, "published": "2013-11-21T00:00:00", "type": "nessus", "title": "Juniper NSM Servers < 2012.2R5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022", "CVE-2012-5568", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:juniper:netscreen-security_manager"], "id": "JUNIPER_NSM_2012_2_R5.NASL", "href": "https://www.tenable.com/plugins/nessus/71023", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71023);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2012-0022\",\n \"CVE-2012-5568\",\n \"CVE-2012-5885\",\n \"CVE-2012-5886\",\n \"CVE-2012-5887\"\n );\n script_bugtraq_id(51447, 56403, 56686);\n\n script_name(english:\"Juniper NSM Servers < 2012.2R5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of one or more Juniper NSM servers running on\nthe remote host, it is potentially affected by the following\nvulnerabilities related to the included Apache Tomcat version :\n\n - An error exists related to handling requests containing\n several parameters that could allow denial of service\n attacks. (CVE-2012-0022)\n\n - An error exists related to handling partial HTTP\n requests that could allow denial of service attacks.\n (CVE-2012-5568)\n\n - Errors exist related to handling DIGEST authentication\n that could allow security mechanisms to be bypassed.\n (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.juniper.net/support/downloads/?p=nsm#sw\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to NSM version 2012.2R5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:netscreen-security_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"juniper_nsm_gui_svr_detect.nasl\", \"juniper_nsm_servers_installed.nasl\");\n script_require_keys(\"Juniper_NSM_VerDetected\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\n\nkb_base = \"Host/NSM/\";\n\nget_kb_item_or_exit(\"Juniper_NSM_VerDetected\");\n\nkb_list = make_list();\n\ntemp = get_kb_list(\"Juniper_NSM_GuiSvr/*/build\");\n\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\ntemp = get_kb_list(\"Host/NSM/*/build\");\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\nif (isnull(kb_list)) audit(AUDIT_NOT_INST, \"Juniper NSM Servers\");\n\nreport = '';\n\nentry = branch(kb_list);\n\nport = 0;\nkb_base = '';\n\nif (\"Juniper_NSM_GuiSvr\" >< entry)\n{\n port = entry - \"Juniper_NSM_GuiSvr/\" - \"/build\";\n kb_base = \"Juniper_NSM_GuiSvr/\" + port + \"/\";\n\n report_str1 = \"Remote GUI server version : \";\n}\nelse\n{\n kb_base = entry - \"build\";\n if (\"guiSvr\" >< kb_base)\n report_str1 = \"Local GUI server version : \";\n else\n report_str1 = \"Local device server version : \";\n}\n\nbuild = get_kb_item_or_exit(entry);\nversion = get_kb_item_or_exit(kb_base + 'version');\n\ndisp_version = version + \" (\" + build + \")\";\n\n# affected per advisory :\n# 2010.3\n# 2011.4\n# 2012.1\n# 2012.2\n# fix :\n# NSM version 2012.2R5 or later\nitem = eregmatch(pattern:\"^([0-9.R]+)\", string:version);\nif (!isnull(item))\n{\n if (\n item[1] =~ \"^2010\\.3($|[^0-9])\"\n ||\n item[1] =~ \"^2011\\.4($|[^0-9])\"\n ||\n item[1] =~ \"^2012\\.1($|[^0-9])\"\n ||\n item[1] =~ \"^2012\\.2($|R[1-4]$)\"\n )\n {\n report += '\\n ' + report_str1 + disp_version +\n '\\n Fixed version : 2012.2R5 (LGB18z1e51)' + '\\n';\n }\n}\n\nif (report == '') audit(AUDIT_INST_VER_NOT_VULN, \"Juniper NSM GUI Server or Device Server\");\n\nif (report_verbosity > 0) security_warning(extra:report, port:port);\nelse security_warning(port);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:37:10", "description": "Updated jbossweb packages that fix multiple security issues are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server.\n(CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in 'jboss-as/server/[PROFILE]/deploy/properties-service.xml'.\n(CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make a JBoss Web server use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue.\nRefer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST authentication. These flaws weakened the JBoss Web HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes when using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O) connector. A malicious web application running on a JBoss Web instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM).\n(CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610;\noCERT for reporting CVE-2011-4858; and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise Application Platform's 'jboss-as/server/[PROFILE]/deploy/' directory, along with all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise Linux 4, 5, and 6 should upgrade to these updated packages, which correct these issues. The JBoss server process must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : jbossweb (RHSA-2012:0074)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:jbossweb-lib", "p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0074.NASL", "href": "https://www.tenable.com/plugins/nessus/64022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0074. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64022);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2526\", \"CVE-2011-4610\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_xref(name:\"RHSA\", value:\"2012:0074\");\n\n script_name(english:\"RHEL 5 / 6 : jbossweb (RHSA-2012:0074)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated jbossweb packages that fix multiple security issues are now\navailable for JBoss Enterprise Application Platform 5.1.2 for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment\nplatform for the JavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8\ncharacter encoding enabled, or that included user-supplied UTF-8\nstrings in a response, a remote attacker could use this flaw to cause\na denial of service (infinite loop) on the JBoss Web server.\n(CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause JBoss Web to use an excessive amount of CPU\ntime by sending an HTTP request with a large number of parameters\nwhose names map to the same hash value. This update introduces a limit\non the number of parameters and headers processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128\nfor headers. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n'jboss-as/server/[PROFILE]/deploy/properties-service.xml'.\n(CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make a\nJBoss Web server use an excessive amount of CPU time by sending an\nHTTP request containing a large number of parameters or large\nparameter values. This update introduces limits on the number of\nparameters and headers processed per request to address this issue.\nRefer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request\nattributes when using the HTTP APR (Apache Portable Runtime) or NIO\n(Non-Blocking I/O) connector. A malicious web application running on a\nJBoss Web instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM).\n(CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610;\noCERT for reporting CVE-2011-4858; and the Apache Tomcat project for\nreporting CVE-2011-2526. oCERT acknowledges Julian Walde and\nAlexander Klink as the original reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's 'jboss-as/server/[PROFILE]/deploy/' directory,\nalong with all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat\nEnterprise Linux 4, 5, and 6 should upgrade to these updated packages,\nwhich correct these issues. The JBoss server process must be restarted\nfor this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4610\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0074\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-el-1.0-api-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-jsp-2.1-api-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-lib-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-servlet-2.5-api-2.1.12-3_patch_03.2.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-el-1.0-api-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-jsp-2.1-api-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-lib-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-servlet-2.5-api-2.1.12-3_patch_03.2.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb / jbossweb-el-1.0-api / jbossweb-jsp-2.1-api / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-18T14:40:47", "description": "Updated tomcat5 packages that fix multiple security issues and two bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133. It also resolves the following security issues :\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-eclipse", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-parent", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0680.NASL", "href": "https://www.tenable.com/plugins/nessus/78924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0680. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78924);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(48456, 48667, 49353, 49762, 51200, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0680\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues and two\nbugs are now available for JBoss Enterprise Web Server 1.0.2 for Red\nHat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library,\nproviding Apache Portable Runtime (APR) support for Tomcat. References\nin this text to APR refer to the Tomcat Native implementation, not any\nother apr package.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and\nJBPAPP-6133. It also resolves the following security issues :\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could\nuse this flaw to cause Tomcat to use an excessive amount of CPU time\nby sending an HTTP request with a large number of parameters whose\nnames map to the same hash value. This update introduces a limit on\nthe number of parameters processed per request to mitigate this issue.\nThe default limit is 512 for parameters and 128 for headers. These\ndefaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters\nand large parameter values efficiently. A remote attacker could make\nTomcat use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values.\nThis update introduces limits on the number of parameters and headers\nprocessed per request to address this issue. Refer to the\nCVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A\nmalicious web application running on a Tomcat instance could use this\nflaw to bypass security manager restrictions and gain access to files\nit would otherwise be unable to access, or possibly terminate the Java\nVirtual Machine (JVM). The HTTP NIO connector is used by default in\nJBoss Enterprise Web Server. (CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian Walde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n # https://issues.jboss.org/browse/JBPAPP-4873\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-4873?_sscc=t\"\n );\n # https://issues.jboss.org/browse/JBPAPP-6133\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-6133?_sscc=t\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0022\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0680\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"mod_cluster\") || rpm_exists(release:\"RHEL6\", rpm:\"mod_cluster\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-admin-webapps-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-common-lib-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-eclipse-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-javadoc-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jsp-2.0-api-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-parent-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-server-lib-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-servlet-2.4-api-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.33-27_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-webapps-5.5.33-27_patch_07.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-admin-webapps-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-common-lib-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jasper-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jasper-eclipse-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jasper-javadoc-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jsp-2.0-api-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-parent-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-server-lib-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-servlet-2.4-api-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.33-28_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-webapps-5.5.33-28_patch_07.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:20:45", "description": "Several vulnerabilities have been found in Tomcat, a servlet and JSP engine :\n\n - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks.\n\n - CVE-2011-2204 In rare setups passwords were written into a logfile.\n\n - CVE-2011-2526 Missing input sanitising in the HTTP APR or HTTP NIO connectors could lead to denial of service.\n\n - CVE-2011-3190 AJP requests could be spoofed in some setups.\n\n - CVE-2011-3375 Incorrect request caching could lead to information disclosure.\n\n - CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests.\n\nAdditional information can be found at", "cvss3": {}, "published": "2012-02-03T00:00:00", "type": "nessus", "title": "Debian DSA-2401-1 : tomcat6 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat6", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2401.NASL", "href": "https://www.tenable.com/plugins/nessus/57812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2401. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57812);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(48456, 48667, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"DSA\", value:\"2401\");\n\n script_name(english:\"Debian DSA-2401-1 : tomcat6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in Tomcat, a servlet and JSP\nengine :\n\n - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n The HTTP Digest Access Authentication implementation\n performed insufficient countermeasures against replay\n attacks.\n\n - CVE-2011-2204\n In rare setups passwords were written into a logfile.\n\n - CVE-2011-2526\n Missing input sanitising in the HTTP APR or HTTP NIO\n connectors could lead to denial of service.\n\n - CVE-2011-3190\n AJP requests could be spoofed in some setups.\n\n - CVE-2011-3375\n Incorrect request caching could lead to information\n disclosure.\n\n - CVE-2011-4858 CVE-2012-0022\n This update adds countermeasures against a collision\n denial of service vulnerability in the Java hashtable\n implementation and addresses denial of service\n potentials when processing large amounts of requests.\n\nAdditional information can be found at\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tomcat6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2401\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat6 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtomcat6-java\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-admin\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-common\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-docs\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-examples\", reference:\"6.0.35-1+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-user\", reference:\"6.0.35-1+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:40:17", "description": "Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs.\nIt also resolves the following security issues :\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user requests (such as IP addresses and HTTP headers) when certain errors occurred. If a user sent a request that caused an error to be logged, Tomcat would return a reply to the next request (which could be sent by a different user) with data from the first user's request, leading to information disclosure. Under certain conditions, a remote attacker could leverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0682.NASL", "href": "https://www.tenable.com/plugins/nessus/78925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0682. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78925);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(48456, 48667, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"RHSA\", value:\"2012:0682\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix multiple security issues and three\nbugs are now available for JBoss Enterprise Web Server 1.0.2 for Red\nHat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library,\nproviding Apache Portable Runtime (APR) support for Tomcat. References\nin this text to APR refer to the Tomcat Native implementation, not any\nother apr package.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs.\nIt also resolves the following security issues :\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform\nsession replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote\n(org.apache.coyote.ajp.AjpProcessor) and APR\n(org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker\ncould send a specially crafted request that would cause the connector\nto treat the message body as a new request. This allows arbitrary AJP\nmessages to be injected, possibly allowing an attacker to bypass a web\napplication's authentication checks and gain access to information\nthey would otherwise be unable to access. The JK\n(org.apache.jk.server.JkCoyoteHandler) connector is used by default\nwhen the APR libraries are not present. The JK connector is not\naffected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent\nby a different user) with data from the first user's request, leading\nto information disclosure. Under certain conditions, a remote attacker\ncould leverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to\npredictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same\nhash value. This update introduces a limit on the number of parameters\nprocessed per request to mitigate this issue. The default limit is 512\nfor parameters and 128 for headers. These defaults can be changed by\nsetting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an\nexcessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858\ndescription for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's\npassword was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when\nusing the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious\nweb application running on a Tomcat instance could use this flaw to\nbypass security manager restrictions and gain access to files it would\notherwise be unable to access, or possibly terminate the Java Virtual\nMachine (JVM). The HTTP NIO connector is used by default in JBoss\nEnterprise Web Server. (CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian Walde and Alexander Klink as the original reporters of\nCVE-2011-4858.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n # https://issues.jboss.org/browse/JBPAPP-4873\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-4873?_sscc=t\"\n );\n # https://issues.jboss.org/browse/JBPAPP-6133\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-6133?_sscc=t\"\n );\n # https://issues.jboss.org/browse/JBPAPP-6852\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.jboss.org/browse/JBPAPP-6852?_sscc=t\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3375\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0682\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"mod_cluster\") || rpm_exists(release:\"RHEL6\", rpm:\"mod_cluster\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-javadoc-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-lib-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-log4j-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-webapps-6.0.32-24_patch_07.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.32-24_patch_07.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:21:50", "description": "a. VMware Tools Display Driver Privilege Escalation\n\n The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems.\n\n VMware would like to thank Tarjei Mandt for reporting theses issues to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues.\n\n Note: CVE-2012-1509 doesn't affect ESXi and ESX.\n\nb. vSphere Client internal browser input validation vulnerability\n\n The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn't properly sanitize input and may run script that is introduced into the log files. In order for the script to run, the user would need to open an individual, malicious log file entry. The script would run with the permissions of the user that runs the vSphere Client.\n\n VMware would like to thank Edward Torkington for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1512 to this issue.\n\n In order to remediate the issue, the vSphere Client of the vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release needs to be installed. The vSphere Clients that come with vSphere 4.0 and vCenter Server 2.5 are not affected.\n\nc. vCenter Orchestrator Password Disclosure\n\n The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.\n\n VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1513 to this issue.\n\nd. vShield Manager Cross-Site Request Forgery vulnerability\n\n The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated request to the server.\n\n VMware would like to thank Frans Pehrson of Xxor AB (www.xxor.se<http://www.xxor.se>) and Claudio Criscione for independently reporting this issue to us\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1514 to this issue.\n\ne. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30\n\n Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical Patch Update Advisory of October 2011. The References section provides a link to this advisory.\n\nf. vCenter Server Apache Tomcat update 6.0.35\n\n Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, and CVE-2012-0022 to these issues.\n\n\ng. ESXi update to third-party component bzip2\n\n The bzip2 library is updated to version 1.0.6, which resolves a security issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "nessus", "title": "VMSA-2012-0005 : VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0405", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-3389", "CVE-2011-3546", "CVE-2011-3547", "CVE-2011-3554", "CVE-2011-4858", "CVE-2012-0022", "CVE-2012-1508", "CVE-2012-1509", "CVE-2012-1510", "CVE-2012-1512", "CVE-2012-1513", "CVE-2012-1514"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.1", "cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_VMSA-2012-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/58362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2012-0005. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58362);\n script_version(\"1.54\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2010-0405\",\n \"CVE-2011-3190\",\n \"CVE-2011-3375\",\n \"CVE-2011-3389\",\n \"CVE-2011-3546\",\n \"CVE-2011-3547\",\n \"CVE-2011-3554\",\n \"CVE-2012-0022\",\n \"CVE-2012-1508\",\n \"CVE-2012-1510\",\n \"CVE-2012-1512\"\n );\n script_bugtraq_id(\n 43331,\n 49353,\n 49778,\n 50211,\n 50215,\n 50216,\n 50218,\n 50220,\n 50223,\n 50224,\n 50226,\n 50229,\n 50231,\n 50234,\n 50236,\n 50237,\n 50239,\n 50242,\n 50243,\n 50246,\n 50248,\n 50250,\n 51447,\n 52525\n );\n script_xref(name:\"VMSA\", value:\"2012-0005\");\n script_xref(name:\"IAVB\", value:\"2010-B-0083\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"VMSA-2012-0005 : VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\");\n script_set_attribute(attribute:\"description\", value:\n\"a. VMware Tools Display Driver Privilege Escalation\n\n The VMware XPDM and WDDM display drivers contain buffer overflow\n vulnerabilities and the XPDM display driver does not properly\n check for NULL pointers. Exploitation of these issues may lead\n to local privilege escalation on Windows-based Guest Operating\n Systems.\n\n VMware would like to thank Tarjei Mandt for reporting theses\n issues to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2012-1509 (XPDM buffer overrun),\n CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null\n pointer dereference) to these issues.\n\n Note: CVE-2012-1509 doesn't affect ESXi and ESX.\n\nb. vSphere Client internal browser input validation vulnerability\n\n The vSphere Client has an internal browser that renders html\n pages from log file entries. This browser doesn't properly\n sanitize input and may run script that is introduced into the\n log files. In order for the script to run, the user would need\n to open an individual, malicious log file entry. The script\n would run with the permissions of the user that runs the vSphere\n Client.\n\n VMware would like to thank Edward Torkington for reporting this\n issue to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-1512 to this issue.\n\n In order to remediate the issue, the vSphere Client of the\n vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release\n needs to be installed. The vSphere Clients that come with\n vSphere 4.0 and vCenter Server 2.5 are not affected.\n\nc. vCenter Orchestrator Password Disclosure\n\n The vCenter Orchestrator (vCO) Web Configuration tool reflects\n back the vCenter Server password as part of the webpage. This\n might allow the logged-in vCO administrator to retrieve the\n vCenter Server password.\n\n VMware would like to thank Alexey Sintsov from Digital Security\n Research Group for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-1513 to this issue.\n\nd. vShield Manager Cross-Site Request Forgery vulnerability\n\n The vShield Manager (vSM) interface has a Cross-Site Request\n Forgery vulnerability. If an attacker can convince an\n authenticated user to visit a malicious link, the attacker may\n force the victim to forward an authenticated request to the\n server.\n\n VMware would like to thank Frans Pehrson of Xxor AB\n (www.xxor.se<http://www.xxor.se>) and Claudio Criscione for independently reporting\n this issue to us\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-1514 to this issue.\n\ne. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30\n\n Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n Oracle has documented the CVE identifiers that are addressed in\n JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical\n Patch Update Advisory of October 2011. The References section\n provides a link to this advisory.\n\nf. vCenter Server Apache Tomcat update 6.0.35\n\n Apache Tomcat has been updated to version 6.0.35 to address\n multiple security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2011-3190, CVE-2011-3375,\n CVE-2011-4858, and CVE-2012-0022 to these issues.\n\n\ng. ESXi update to third-party component bzip2\n\n The bzip2 library is updated to version 1.0.6, which resolves a\n security issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0405 to this issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2012/000198.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2012-03-15\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201110401-SG\",\n patch_updates : make_list(\"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201110201-SG\",\n patch_updates : make_list(\"ESX410-201201401-SG\", \"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update02\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201208101-SG\",\n patch_updates : make_list(\"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201110202-UG\",\n patch_updates : make_list(\"ESXi410-Update02\", \"ESXi410-Update03\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:esx-base:5.0.0-0.10.608089\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:34:20", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :\n\n - Apache Tomcat\n - bzip2 library\n - JRE\n - WDDM display driver\n - XPDM display driver", "cvss3": {}, "published": "2016-03-03T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0405", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-3389", "CVE-2011-3516", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3545", "CVE-2011-3546", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3549", "CVE-2011-3550", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3555", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2011-3560", "CVE-2011-3561", "CVE-2012-0022", "CVE-2012-1508", "CVE-2012-1510", "CVE-2012-1512"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2012-0005_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89106", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89106);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2010-0405\",\n \"CVE-2011-3190\",\n \"CVE-2011-3375\",\n \"CVE-2011-3389\",\n \"CVE-2011-3516\",\n \"CVE-2011-3521\",\n \"CVE-2011-3544\",\n \"CVE-2011-3545\",\n \"CVE-2011-3546\",\n \"CVE-2011-3547\",\n \"CVE-2011-3548\",\n \"CVE-2011-3549\",\n \"CVE-2011-3550\",\n \"CVE-2011-3551\",\n \"CVE-2011-3552\",\n \"CVE-2011-3553\",\n \"CVE-2011-3554\",\n \"CVE-2011-3555\",\n \"CVE-2011-3556\",\n \"CVE-2011-3557\",\n \"CVE-2011-3558\",\n \"CVE-2011-3560\",\n \"CVE-2011-3561\",\n \"CVE-2012-0022\",\n \"CVE-2012-1508\",\n \"CVE-2012-1510\",\n \"CVE-2012-1512\"\n );\n script_bugtraq_id(\n 43331,\n 49353,\n 49778,\n 50118,\n 50211,\n 50215,\n 50216,\n 50218,\n 50220,\n 50223,\n 50224,\n 50226,\n 50229,\n 50231,\n 50234,\n 50236,\n 50237,\n 50239,\n 50242,\n 50243,\n 50246,\n 50248,\n 50250,\n 51442,\n 51447,\n 52524,\n 52525\n );\n script_xref(name:\"VMSA\", value:\"2012-0005\");\n script_xref(name:\"IAVB\", value:\"2010-B-0083\");\n script_xref(name:\"CERT\", value:\"864643\");\n script_xref(name:\"EDB-ID\", value:\"18171\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in the following components :\n\n - Apache Tomcat\n - bzip2 library\n - JRE\n - WDDM display driver\n - XPDM display driver\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0005.html\");\n # http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3fed43a3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3554\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java RMI Server Insecure Default Configuration Java Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nesx = \"ESX/ESXi\";\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, esx);\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\nproduct = \"VMware \" + esx;\n\n# fix builds\nfixes = make_array(\n \"ESX 4.0\", 480973,\n \"ESXi 4.0\", 480973,\n \"ESX 4.1\", 800380,\n \"ESXi 4.1\", 502767,\n \"ESXi 5.0\", 623860\n);\n\n# security-only fix builds\nsec_only_builds = make_array(\n \"ESX 4.1\", 811144,\n \"ESXi 5.0\", 608089\n);\n\nkey = esx + ' ' + ver;\nfix = NULL;\nfix = fixes[key];\nsec_fix = NULL;\nsec_fix = sec_only_builds[key];\n\nbmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);\nif (empty_or_null(bmatch))\n audit(AUDIT_UNKNOWN_BUILD, product, ver);\n\nbuild = int(bmatch[1]);\n\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n\nif (build < fix && build != sec_fix)\n{\n # if there is a security fix\n if (sec_fix)\n fix = fix + \" / \" + sec_fix;\n\n # properly spaced label\n if (\"ESXi\" >< esx) ver_label = ' version : ';\n else ver_label = ' version : ';\n report = '\\n ' + esx + ver_label + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:24:47", "description": "The remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.\n Impact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2012-06-25T00:00:00", "type": "nessus", "title": "GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tomcat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-24.NASL", "href": "https://www.tenable.com/plugins/nessus/59677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-24.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59677);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544, 45015, 46164, 46174, 46177, 46685, 47196, 47199, 47886, 48456, 48667, 49143, 49147, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"GLSA\", value:\"201206-24\");\n\n script_name(english:\"GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-24\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to\n hijack a session, to bypass authentication, to inject webscript, to\n enumerate valid usernames, to read, modify and overwrite arbitrary files,\n to bypass intended access restrictions, to delete work-directory files,\n to discover the server’s hostname or IP, to bypass read permissions for\n files or HTTP headers, to read or write files outside of the intended\n working directory, and to obtain sensitive information by reading a log\n file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n All Apache Tomcat 7.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"rge 6.0.35\", \"ge 7.0.23\", \"rge 6.0.44\", \"rge 6.0.45\", \"rge 6.0.46\", \"rge 6.0.47\", \"rge 6.0.48\"), vulnerable:make_list(\"lt 7.0.23\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:37:55", "description": "JBoss Operations Network (JBoss ON) is a middleware management solution\nthat provides a single point of control to deploy, manage, and monitor\nJBoss Enterprise Middleware, applications, and services.\n\nThis JBoss ON 3.1.1 release serves as a replacement for JBoss ON 3.1.0, and\nincludes several bug fixes and enhancements. Refer to the JBoss ON 3.1.1\nRelease Notes for information on the most significant of these changes. The\nRelease Notes will be available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nThe following security issue is also fixed with this release:\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make JBoss Web\nuse an excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. The default limit is 512 for parameters and\n128 for headers. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jbossas/server/[PROFILE]/deploy/properties-service.xml\". (CVE-2012-0022)\n\nWarning: Before applying the update, back up your existing JBoss ON\ninstallation (including its databases, applications, configuration files,\nthe JBoss ON server's file system directory, and so on).\n\nAll users of JBoss Operations Network 3.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.1.1.", "cvss3": {}, "published": "2012-10-03T15:08:03", "type": "redhat", "title": "(RHSA-2012:1331) Moderate: JBoss Operations Network 3.1.1 update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022"], "modified": "2019-02-20T12:34:42", "id": "RHSA-2012:1331", "href": "https://access.redhat.com/errata/RHSA-2012:1331", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T04:43:00", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for\nparameters and 128 for headers. These defaults can be changed by setting\nthe org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat\nuse an excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022) \n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian Walde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "redhat", "title": "(RHSA-2012:0474) Moderate: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2017-09-08T08:08:31", "id": "RHSA-2012:0474", "href": "https://access.redhat.com/errata/RHSA-2012:0474", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T18:37:50", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for\nparameters and 128 for headers. These defaults can be changed by setting\nthe org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat\nuse an excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022) \n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "redhat", "title": "(RHSA-2012:0475) Moderate: tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2018-06-06T16:24:31", "id": "RHSA-2012:0475", "href": "https://access.redhat.com/errata/RHSA-2012:0475", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:37:27", "description": "JBoss Web is a web container based on Apache Tomcat. It provides a single\ndeployment platform for the JavaServer Pages (JSP) and Java Servlet\ntechnologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause JBoss Web to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters and\nheaders processed per request to mitigate this issue. The default limit is\n512 for parameters and 128 for headers. These defaults can be changed by\nsetting the \"-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x\" and\n\"-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x\" system properties\nas JAVA_OPTS entries in \"jboss-as-web/bin/run.conf\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). (CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise Web\nPlatform's \"jboss-as-web/server/[PROFILE]/deploy/\" directory and any other\ncustomized configuration files.\n\nUsers of JBoss Enterprise Web Platform 5.1.2 on Red Hat Enterprise Linux 4,\n5, and 6 should upgrade to these updated packages, which correct these\nissues. The JBoss server process must be restarted for this update to take\neffect.\n", "cvss3": {}, "published": "2012-01-31T00:00:00", "type": "redhat", "title": "(RHSA-2012:0076) Important: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2018-06-06T22:39:14", "id": "RHSA-2012:0076", "href": "https://access.redhat.com/errata/RHSA-2012:0076", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T18:41:23", "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could use\nthis flaw to cause JBoss Web to use an excessive amount of CPU time by\nsending an HTTP request with a large number of parameters whose names map\nto the same hash value. This update introduces a limit on the number of\nparameters and headers processed per request to mitigate this issue. The\ndefault limit is 512 for parameters and 128 for headers. These defaults\ncan be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jboss-as/server/[PROFILE]/deploy/properties-service.xml\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). (CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthese issues. The JBoss server process must be restarted for this update to\ntake effect.\n", "cvss3": {}, "published": "2012-01-31T00:00:00", "type": "redhat", "title": "(RHSA-2012:0074) Important: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2018-06-06T22:37:45", "id": "RHSA-2012:0074", "href": "https://access.redhat.com/errata/RHSA-2012:0074", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:36:26", "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. (CVE-2011-4610)\n\nIt was found that the Java hashCode() method implementation was\nsusceptible to predictable hash collisions. A remote attacker could use\nthis flaw to cause JBoss Web to use an excessive amount of CPU time by\nsending an HTTP request with a large number of parameters whose names map\nto the same hash value. This update introduces a limit on the number of\nparameters and headers processed per request to mitigate this issue. The\ndefault limit is 512 for parameters and 128 for headers. These defaults\ncan be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in\n\"jboss-as/server/[PROFILE]/deploy/properties-service.xml\". (CVE-2011-4858)\n\nIt was found that JBoss Web did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make a JBoss\nWeb server use an excessive amount of CPU time by sending an HTTP request\ncontaining a large number of parameters or large parameter values. This\nupdate introduces limits on the number of parameters and headers processed\nper request to address this issue. Refer to the CVE-2011-4858 description\nfor information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT\nand org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nMultiple flaws were found in the way JBoss Web handled HTTP DIGEST\nauthentication. These flaws weakened the JBoss Web HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses of\nHTTP BASIC authentication, for example, allowing remote attackers to\nperform session replay attacks. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nA flaw was found in the way JBoss Web handled sendfile request attributes\nwhen using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O)\nconnector. A malicious web application running on a JBoss Web instance\ncould use this flaw to bypass security manager restrictions and gain access\nto files it would otherwise be unable to access, or possibly terminate the\nJava Virtual Machine (JVM). (CVE-2011-2526)\n\nRed Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for\nreporting CVE-2011-4858; and the Apache Tomcat project for reporting\nCVE-2011-2526. oCERT acknowledges Julian W\u00e4lde and Alexander Klink as the\noriginal reporters of CVE-2011-4858.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform's \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nAll users of JBoss Enterprise Application Platform 5.1.2 as provided from\nthe Red Hat Customer Portal are advised to install this update.", "cvss3": {}, "published": "2012-01-31T22:54:32", "type": "redhat", "title": "(RHSA-2012:0075) Important: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2526", "CVE-2011-4610", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2019-02-20T12:33:58", "id": "RHSA-2012:0075", "href": "https://access.redhat.com/errata/RHSA-2012:0075", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:38:45", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and\nJBPAPP-6133. It also resolves the following security issues:\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for parameters\nand 128 for headers. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat use\nan excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious\nweb application running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP NIO connector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthese issues. Tomcat must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2012-05-21T00:00:00", "type": "redhat", "title": "(RHSA-2012:0680) Moderate: tomcat5 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2018-06-06T22:42:41", "id": "RHSA-2012:0680", "href": "https://access.redhat.com/errata/RHSA-2012:0680", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:45", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update includes bug fixes as documented in JBPAPP-4873 and\nJBPAPP-6133. It also resolves the following security issues:\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for parameters\nand 128 for headers. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat use\nan excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nA flaw was found in the way Tomcat handled sendfile request attributes\nwhen using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious\nweb application running on a Tomcat instance could use this flaw to bypass\nsecurity manager restrictions and gain access to files it would otherwise\nbe unable to access, or possibly terminate the Java Virtual Machine (JVM).\nThe HTTP NIO connector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nAll users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "cvss3": {}, "published": "2012-05-21T16:19:01", "type": "redhat", "title": "(RHSA-2012:0679) Moderate: tomcat5 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2019-02-20T12:33:40", "id": "RHSA-2012:0679", "href": "https://access.redhat.com/errata/RHSA-2012:0679", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:38:14", "description": "Apache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user's request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. A remote attacker could use this flaw to cause Tomcat to\nuse an excessive amount of CPU time by sending an HTTP request with a large\nnumber of parameters whose names map to the same hash value. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user's password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.", "cvss3": {}, "published": "2012-05-21T16:31:40", "type": "redhat", "title": "(RHSA-2012:0681) Moderate: tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2019-02-20T12:33:40", "id": "RHSA-2012:0681", "href": "https://access.redhat.com/errata/RHSA-2012:0681", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:57", "description": "Apache Tomcat is a servlet container.\n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage.\n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application's\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user's request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. A remote attacker could use this flaw to cause Tomcat to\nuse an excessive amount of CPU time by sending an HTTP request with a large\nnumber of parameters whose names map to the same hash value. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user's password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server.\n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n", "cvss3": {}, "published": "2012-05-21T00:00:00", "type": "redhat", "title": "(RHSA-2012:0682) Moderate: tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2018-06-06T22:42:41", "id": "RHSA-2012:0682", "href": "https://access.redhat.com/errata/RHSA-2012:0682", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:32", "description": "The host is running Apache Tomcat Server and is prone to denial of\n service vulnerability.", "cvss3": {}, "published": "2012-01-20T00:00:00", "type": "openvas", "title": "Apache Tomcat Parameter Handling Denial of Service Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310802384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Parameter Handling Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802384\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2012-0022\");\n script_bugtraq_id(51447);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-01-20 12:49:54 +0530 (Fri, 20 Jan 2012)\");\n script_name(\"Apache Tomcat Parameter Handling Denial of Service Vulnerability (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/51447/info\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to cause a denial\n of service via a specially crafted request.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 5.5.x to 5.5.34, 6.x to 6.0.33 and 7.x to 7.0.22 on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to improper handling of large numbers of parameters\n and parameter values, allows attackers to cause denial of service via a\n crafted request that contains many parameters and parameter values.\");\n\n script_tag(name:\"summary\", value:\"The host is running Apache Tomcat Server and is prone to denial of\n service vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Upgrade Apache Tomcat to 5.5.35, 6.0.34, 7.0.23 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.34\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.33\" ) ||\n version_in_range( version:vers, test_version:\"7.0.0\", test_version2:\"7.0.22\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.35/6.0.34/7.0.23\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2012:0474 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881065", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881065", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2012:0474 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018570.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881065\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 15:59:46 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0474\");\n script_name(\"CentOS Update for tomcat5 CESA-2012:0474 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that the Java hashCode() method implementation was susceptible\n to predictable hash collisions. A remote attacker could use this flaw to\n cause Tomcat to use an excessive amount of CPU time by sending an HTTP\n request with a large number of parameters whose names map to the same hash\n value. This update introduces a limit on the number of parameters processed\n per request to mitigate this issue. The default limit is 512 for\n parameters and 128 for headers. These defaults can be changed by setting\n the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2011-4858)\n\n It was found that Tomcat did not handle large numbers of parameters and\n large parameter values efficiently. A remote attacker could make Tomcat\n use an excessive amount of CPU time by sending an HTTP request containing a\n large number of parameters or large parameter values. This update\n introduces limits on the number of parameters and headers processed per\n request to address this issue. Refer to the CVE-2011-4858 description for\n information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2012-0022)\n\n Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\n acknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\n CVE-2011-4858.\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-21T00:58:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2012:0475 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2020-02-19T00:00:00", "id": "OPENVAS:1361412562310881140", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881140", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2012:0475 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-April/018571.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881140\");\n script_version(\"2020-02-19T15:17:22+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-19 15:17:22 +0000 (Wed, 19 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:21:19 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2012:0475\");\n script_name(\"CentOS Update for tomcat6 CESA-2012:0475 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that the Java hashCode() method implementation was susceptible\n to predictable hash collisions. A remote attacker could use this flaw to\n cause Tomcat to use an excessive amount of CPU time by sending an HTTP\n request with a large number of parameters whose names map to the same hash\n value. This update introduces a limit on the number of parameters processed\n per request to mitigate this issue. The default limit is 512 for\n parameters and 128 for headers. These defaults can be changed by setting\n the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2011-4858)\n\n It was found that Tomcat did not handle large numbers of parameters and\n large parameter values efficiently. A remote attacker could make Tomcat\n use an excessive amount of CPU time by sending an HTTP request containing a\n large number of parameters or large parameter values. This update\n introduces limits on the number of parameters and headers processed per\n request to address this issue. Refer to the CVE-2011-4858 description for\n information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2012-0022)\n\n Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\n acknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\n CVE-2011-4858.\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T19:00:18", "description": "Oracle Linux Local Security Checks ELSA-2012-0475", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0475", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310123938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123938", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123938\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:34 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0475\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0475 - tomcat6 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0475\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0475.html\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~36.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:10:34", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "FreeBSD Ports: tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2017-04-17T00:00:00", "id": "OPENVAS:70752", "href": "http://plugins.openvas.org/nasl.php?oid=70752", "sourceData": "#\n#VID 7f5ccb1d-439b-11e1-bc16-0023ae8e59f0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 7f5ccb1d-439b-11e1-bc16-0023ae8e59f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: tomcat\n\nCVE-2012-0022\nApache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before\n7.0.23 uses an inefficient approach for handling parameters, which\nallows remote attackers to cause a denial of service (CPU consumption)\nvia a request that contains many parameters and parameter values, a\ndifferent vulnerability than CVE-2011-4858.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.35\nhttp://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.23\nhttp://www.vuxml.org/freebsd/7f5ccb1d-439b-11e1-bc16-0023ae8e59f0.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70752);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0022\");\n script_version(\"$Revision: 5958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-17 11:02:19 +0200 (Mon, 17 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.35\")<0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.34\")<0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.0.0\")>0 && revcomp(a:bver, b:\"7.0.23\")<0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:56", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2012:0474-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:870585", "href": "http://plugins.openvas.org/nasl.php?oid=870585", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2012:0474-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that the Java hashCode() method implementation was susceptible\n to predictable hash collisions. A remote attacker could use this flaw to\n cause Tomcat to use an excessive amount of CPU time by sending an HTTP\n request with a large number of parameters whose names map to the same hash\n value. This update introduces a limit on the number of parameters processed\n per request to mitigate this issue. The default limit is 512 for\n parameters and 128 for headers. These defaults can be changed by setting\n the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2011-4858)\n\n It was found that Tomcat did not handle large numbers of parameters and\n large parameter values efficiently. A remote attacker could make Tomcat\n use an excessive amount of CPU time by sending an HTTP request containing a\n large number of parameters or large parameter values. This update\n introduces limits on the number of parameters and headers processed per\n request to address this issue. Refer to the CVE-2011-4858 description for\n information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2012-0022)\n\n Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\n acknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\n CVE-2011-4858.\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00007.html\");\n script_id(870585);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:32:45 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0474-01\");\n script_name(\"RedHat Update for tomcat5 RHSA-2012:0474-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:57:12", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:831618", "href": "http://plugins.openvas.org/nasl.php?oid=831618", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in tomcat5:\n\n Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before\n 7.0.23 uses an inefficient approach for handling parameters, which\n allows remote attackers to cause a denial of service (CPU consumption)\n via a request that contains many parameters and parameter values,\n a different vulnerability than CVE-2011-4858 (CVE-2012-0022).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"tomcat5 on Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:085\");\n script_id(831618);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:54:54 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:085\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:57:46", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2012:0475-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:870714", "href": "http://plugins.openvas.org/nasl.php?oid=870714", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2012:0475-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that the Java hashCode() method implementation was susceptible\n to predictable hash collisions. A remote attacker could use this flaw to\n cause Tomcat to use an excessive amount of CPU time by sending an HTTP\n request with a large number of parameters whose names map to the same hash\n value. This update introduces a limit on the number of parameters processed\n per request to mitigate this issue. The default limit is 512 for\n parameters and 128 for headers. These defaults can be changed by setting\n the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2011-4858)\n\n It was found that Tomcat did not handle large numbers of parameters and\n large parameter values efficiently. A remote attacker could make Tomcat\n use an excessive amount of CPU time by sending an HTTP request containing a\n large number of parameters or large parameter values. This update\n introduces limits on the number of parameters and headers processed per\n request to address this issue. Refer to the CVE-2011-4858 description for\n information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2012-0022)\n\n Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\n acknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\n CVE-2011-4858.\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\ntag_affected = \"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00008.html\");\n script_id(870714);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:52:42 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0475-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2012:0475-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:56:19", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2012:0474 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:881065", "href": "http://plugins.openvas.org/nasl.php?oid=881065", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2012:0474 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that the Java hashCode() method implementation was susceptible\n to predictable hash collisions. A remote attacker could use this flaw to\n cause Tomcat to use an excessive amount of CPU time by sending an HTTP\n request with a large number of parameters whose names map to the same hash\n value. This update introduces a limit on the number of parameters processed\n per request to mitigate this issue. The default limit is 512 for\n parameters and 128 for headers. These defaults can be changed by setting\n the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2011-4858)\n \n It was found that Tomcat did not handle large numbers of parameters and\n large parameter values efficiently. A remote attacker could make Tomcat\n use an excessive amount of CPU time by sending an HTTP request containing a\n large number of parameters or large parameter values. This update\n introduces limits on the number of parameters and headers processed per\n request to address this issue. Refer to the CVE-2011-4858 description for\n information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2012-0022) \n \n Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\n acknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\n CVE-2011-4858.\n \n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018570.html\");\n script_id(881065);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 15:59:46 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0474\");\n script_name(\"CentOS Update for tomcat5 CESA-2012:0474 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.31.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:59", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "FreeBSD Ports: tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231070752", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070752", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_tomcat0.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 7f5ccb1d-439b-11e1-bc16-0023ae8e59f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70752\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0022\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: tomcat\n\nCVE-2012-0022\nApache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before\n7.0.23 uses an inefficient approach for handling parameters, which\nallows remote attackers to cause a denial of service (CPU consumption)\nvia a request that contains many parameters and parameter values, a\ndifferent vulnerability than CVE-2011-4858.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.35\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.23\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/7f5ccb1d-439b-11e1-bc16-0023ae8e59f0.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.35\")<0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.34\")<0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.0.0\")>0 && revcomp(a:bver, b:\"7.0.23\")<0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2012:0475-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870714", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2012:0475-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870714\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:52:42 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0475-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2012:0475-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that the Java hashCode() method implementation was susceptible\n to predictable hash collisions. A remote attacker could use this flaw to\n cause Tomcat to use an excessive amount of CPU time by sending an HTTP\n request with a large number of parameters whose names map to the same hash\n value. This update introduces a limit on the number of parameters processed\n per request to mitigate this issue. The default limit is 512 for\n parameters and 128 for headers. These defaults can be changed by setting\n the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2011-4858)\n\n It was found that Tomcat did not handle large numbers of parameters and\n large parameter values efficiently. A remote attacker could make Tomcat\n use an excessive amount of CPU time by sending an HTTP request containing a\n large number of parameters or large parameter values. This update\n introduces limits on the number of parameters and headers processed per\n request to address this issue. Refer to the CVE-2011-4858 description for\n information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2012-0022)\n\n Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\n acknowledges Julian Waelde and Alexander Klink as the original reporters of\n CVE-2011-4858.\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~36.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:57:36", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2012:0475 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2017-12-29T00:00:00", "id": "OPENVAS:881140", "href": "http://plugins.openvas.org/nasl.php?oid=881140", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2012:0475 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that the Java hashCode() method implementation was susceptible\n to predictable hash collisions. A remote attacker could use this flaw to\n cause Tomcat to use an excessive amount of CPU time by sending an HTTP\n request with a large number of parameters whose names map to the same hash\n value. This update introduces a limit on the number of parameters processed\n per request to mitigate this issue. The default limit is 512 for\n parameters and 128 for headers. These defaults can be changed by setting\n the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2011-4858)\n \n It was found that Tomcat did not handle large numbers of parameters and\n large parameter values efficiently. A remote attacker could make Tomcat\n use an excessive amount of CPU time by sending an HTTP request containing a\n large number of parameters or large parameter values. This update\n introduces limits on the number of parameters and headers processed per\n request to address this issue. Refer to the CVE-2011-4858 description for\n information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2012-0022) \n \n Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\n acknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\n CVE-2011-4858.\n \n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\ntag_affected = \"tomcat6 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018571.html\");\n script_id(881140);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:21:19 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2012:0475\");\n script_name(\"CentOS Update for tomcat6 CESA-2012:0475 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api-6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~36.el6_2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-14T18:58:55", "description": "Oracle Linux Local Security Checks ELSA-2012-0474", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0474", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310123939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123939", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123939\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:35 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0474\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0474 - tomcat5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0474\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0474.html\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.31.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-13T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2012:0474-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870585", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870585", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2012:0474-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870585\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:32:45 +0530 (Fri, 13 Apr 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0474-01\");\n script_name(\"RedHat Update for tomcat5 RHSA-2012:0474-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that the Java hashCode() method implementation was susceptible\n to predictable hash collisions. A remote attacker could use this flaw to\n cause Tomcat to use an excessive amount of CPU time by sending an HTTP\n request with a large number of parameters whose names map to the same hash\n value. This update introduces a limit on the number of parameters processed\n per request to mitigate this issue. The default limit is 512 for\n parameters and 128 for headers. These defaults can be changed by setting\n the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2011-4858)\n\n It was found that Tomcat did not handle large numbers of parameters and\n large parameter values efficiently. A remote attacker could make Tomcat\n use an excessive amount of CPU time by sending an HTTP request containing a\n large number of parameters or large parameter values. This update\n introduces limits on the number of parameters and headers processed per\n request to address this issue. Refer to the CVE-2011-4858 description for\n information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\n org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n (CVE-2012-0022)\n\n Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\n acknowledges Julian Waelde and Alexander Klink as the original reporters of\n CVE-2011-4858.\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.31.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831618", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:085\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831618\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:54:54 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:085\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"tomcat5 on Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in tomcat5:\n\n Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before\n 7.0.23 uses an inefficient approach for handling parameters, which\n allows remote attackers to cause a denial of service (CPU consumption)\n via a request that contains many parameters and parameter values,\n a different vulnerability than CVE-2011-4858 (CVE-2012-0022).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.4mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-12-04T11:20:14", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1359-1", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 USN-1359-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858", "CVE-2011-3375"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840899", "href": "http://plugins.openvas.org/nasl.php?oid=840899", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1359_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for tomcat6 USN-1359-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly performed certain caching and\n recycling operations. A remote attacker could use this flaw to obtain read\n access to IP address and HTTP header information in certain cases. This\n issue only applied to Ubuntu 11.10. (CVE-2011-3375)\n\n It was discovered that Tomcat computed hash values for form parameters\n without restricting the ability to trigger hash collisions predictably.\n A remote attacker could cause a denial of service by sending many crafted\n parameters. (CVE-2011-4858)\n\n It was discovered that Tomcat incorrectly handled parameters. A remote\n attacker could cause a denial of service by sending requests with a large\n number of parameters and values. (CVE-2012-0022)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1359-1\";\ntag_affected = \"tomcat6 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1359-1/\");\n script_id(840899);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 19:00:02 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1359-1\");\n script_name(\"Ubuntu Update for tomcat6 USN-1359-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-10ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:07", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1359-1", "cvss3": {}, "published": "2012-02-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 USN-1359-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858", "CVE-2011-3375"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840899", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840899", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1359_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tomcat6 USN-1359-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1359-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840899\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 19:00:02 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2012-0022\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1359-1\");\n script_name(\"Ubuntu Update for tomcat6 USN-1359-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1359-1\");\n script_tag(name:\"affected\", value:\"tomcat6 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat incorrectly performed certain caching and\n recycling operations. A remote attacker could use this flaw to obtain read\n access to IP address and HTTP header information in certain cases. This\n issue only applied to Ubuntu 11.10. (CVE-2011-3375)\n\n It was discovered that Tomcat computed hash values for form parameters\n without restricting the ability to trigger hash collisions predictably.\n A remote attacker could cause a denial of service by sending many crafted\n parameters. (CVE-2011-4858)\n\n It was discovered that Tomcat incorrectly handled parameters. A remote\n attacker could cause a denial of service by sending requests with a large\n number of parameters and values. (CVE-2012-0022)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-10ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:10:58", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0005.\n\nSummary\n\nVMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address\nseveral security issues\n\nRelevant releases\n\nVMware vCenter Server 5.0\nVMware vSphere Client 5.0\nVMware vSphere Client 4.1 Update 1 and earlier\nVMware vCenter Orchestrator 4.2\nVMware vCenter Orchestrator 4.1 Update 1 and earlier\nVMware vCenter Orchestrator 4.0 Update 3 and earlier\nVMware vShield Manager 4.1 Update 1\nVMware vShield Manager 1.0 Update 1\nVMware Update Manager 5.0\nESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG\nESXi 4.1 without patch ESXi410-201110202-UG\nESXi 4.0 without patch ESXi400-201110402-BG\nESX 4.1 without patch ESX410-201110201-SG\nESX 4.0 without patch ESX400-201110401-SG\n\nProblem Description\n\na. VMware Tools Display Driver Privilege Escalation\n\n The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display\n driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege\n escalation on Windows-based Guest Operating Systems.\n\nb. vSphere Client internal browser input validation vulnerability\n\n The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn't\n properly sanitize input and may run script that is introduced into the log files. In order for the script to\n run, the user would need to open an individual, malicious log file entry. The script would run with the\n permissions of the user that runs the vSphere Client.\n\nc. vCenter Orchestrator Password Disclosure\n\n The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the\n webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.\n \nd. vShield Manager Cross-Site Request Forgery vulnerability\n\n The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince\n an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated\n request to the server.\n\ne. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30\n\n Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier\n releases of Oracle (Sun) JRE.\n\nf. vCenter Server Apache Tomcat update 6.0.35\n\n Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.\n\ng. ESXi update to third party component bzip2\n\n The bzip2 library is updated to version 1.0.6, which resolves a security issue.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1510", "CVE-2012-1514", "CVE-2012-1508", "CVE-2012-0022", "CVE-2012-1509", "CVE-2010-0405", "CVE-2012-1513", "CVE-2011-3375", "CVE-2012-1512", "CVE-2011-3190"], "modified": "2017-04-17T00:00:00", "id": "OPENVAS:103457", "href": "http://plugins.openvas.org/nasl.php?oid=103457", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2012-0005.nasl 5958 2017-04-17 09:02:19Z teissa $\n#\n# VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2012-0005.\n\nSummary\n\nVMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address\nseveral security issues\n\nRelevant releases\n\nVMware vCenter Server 5.0\nVMware vSphere Client 5.0\nVMware vSphere Client 4.1 Update 1 and earlier\nVMware vCenter Orchestrator 4.2\nVMware vCenter Orchestrator 4.1 Update 1 and earlier\nVMware vCenter Orchestrator 4.0 Update 3 and earlier\nVMware vShield Manager 4.1 Update 1\nVMware vShield Manager 1.0 Update 1\nVMware Update Manager 5.0\nESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG\nESXi 4.1 without patch ESXi410-201110202-UG\nESXi 4.0 without patch ESXi400-201110402-BG\nESX 4.1 without patch ESX410-201110201-SG\nESX 4.0 without patch ESX400-201110401-SG\n\nProblem Description\n\na. VMware Tools Display Driver Privilege Escalation\n\n The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display\n driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege\n escalation on Windows-based Guest Operating Systems.\n\nb. vSphere Client internal browser input validation vulnerability\n\n The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn't\n properly sanitize input and may run script that is introduced into the log files. In order for the script to\n run, the user would need to open an individual, malicious log file entry. The script would run with the\n permissions of the user that runs the vSphere Client.\n\nc. vCenter Orchestrator Password Disclosure\n\n The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the\n webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.\n \nd. vShield Manager Cross-Site Request Forgery vulnerability\n\n The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince\n an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated\n request to the server.\n\ne. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30\n\n Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier\n releases of Oracle (Sun) JRE.\n\nf. vCenter Server Apache Tomcat update 6.0.35\n\n Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.\n\ng. ESXi update to third party component bzip2\n\n The bzip2 library is updated to version 1.0.6, which resolves a security issue.\";\n\ntag_solution = \"Apply the missing patch(es).\";\n\nif (description)\n{\n script_id(103457);\n script_cve_id(\"CVE-2012-1508\", \"CVE-2012-1509\", \"CVE-2012-1510\", \"CVE-2012-1512\", \"CVE-2012-1513\", \"CVE-2012-1514\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2012-0022\", \"CVE-2010-0405\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version (\"$Revision: 5958 $\");\n script_name(\"VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues\");\n\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-17 11:02:19 +0200 (Mon, 17 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 16:53:01 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.vmware.com/security/advisories/VMSA-2012-0005.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.0.0\", \"ESXi400-201110402-BG\",\n \"4.1.0\", \"ESXi410-201110202-UG\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-0.10.608089\");\n\n \nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n\n\n\n\n\n\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:53", "description": "The remote host is missing an update to tomcat6\nannounced via advisory DSA 2401-1.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2401-1 (tomcat6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-3190"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070718", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070718", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2401_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2401-1 (tomcat6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70718\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:38:55 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2401-1 (tomcat6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202401-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in Tomcat, a servlet and JSP\nengine:\n\nCVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n\nThe HTTP Digest Access Authentication implementation performed\ninsufficient countermeasures against replay attacks.\n\nCVE-2011-2204\n\nIn rare setups passwords were written into a logfile.\n\nCVE-2011-2526\n\nMissing input sanisiting in the HTTP APR or HTTP NIO connectors\ncould lead to denial of service.\n\nCVE-2011-3190\n\nAJP requests could be spoofed in some setups.\n\nCVE-2011-3375\n\nIncorrect request caching could lead to information disclosure.\n\nCVE-2011-4858 CVE-2012-0022\n\nThis update adds countermeasures against a collision denial of\nservice vulnerability in the Java hashtable implementation and\naddresses denial of service potentials when processing large\namounts of requests.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tomcat6 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tomcat6\nannounced via advisory DSA 2401-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:33", "description": "The remote host is missing an update to tomcat6\nannounced via advisory DSA 2401-1.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2401-1 (tomcat6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-3190"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70718", "href": "http://plugins.openvas.org/nasl.php?oid=70718", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2401_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2401-1 (tomcat6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in Tomcat, a servlet and JSP\nengine:\n\nCVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n\nThe HTTP Digest Access Authentication implementation performed\ninsufficient countermeasures against replay attacks.\n\nCVE-2011-2204\n\nIn rare setups passwords were written into a logfile.\n\nCVE-2011-2526\n\nMissing input sanisiting in the HTTP APR or HTTP NIO connectors\ncould lead to denial of service.\n\nCVE-2011-3190\n\nAJP requests could be spoofed in some setups.\n\nCVE-2011-3375\n\nIncorrect request caching could lead to information disclosure.\n\nCVE-2011-4858 CVE-2012-0022\n\nThis update adds countermeasures against a collision denial of\nservice vulnerability in the Java hashtable implementation and\naddresses denial of service potentials when processing large\namounts of requests.\n\nAdditional information can be\nfound at http://tomcat.apache.org/security-6.html\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.\n\nWe recommend that you upgrade your tomcat6 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat6\nannounced via advisory DSA 2401-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202401-1\";\n\nif(description)\n{\n script_id(70718);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 06:38:55 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2401-1 (tomcat6)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-1+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-12-19T16:09:01", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0005.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX patches address several security issues (VMSA-2012-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1510", "CVE-2012-1514", "CVE-2012-1508", "CVE-2012-0022", "CVE-2012-1509", "CVE-2010-0405", "CVE-2012-1513", "CVE-2011-3375", "CVE-2012-1512", "CVE-2011-3190"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103457", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103457\");\n script_cve_id(\"CVE-2012-1508\", \"CVE-2012-1509\", \"CVE-2012-1510\", \"CVE-2012-1512\", \"CVE-2012-1513\", \"CVE-2012-1514\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2012-0022\", \"CVE-2010-0405\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX patches address several security issues (VMSA-2012-0005)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 16:53:01 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0005.html\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2012-0005.\");\n\n script_tag(name:\"affected\", value:\"ESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG\n\n ESXi 4.1 without patch ESXi410-201110202-UG\n\n ESXi 4.0 without patch ESXi400-201110402-BG\n\n ESX 4.1 without patch ESX410-201110201-SG\n\n ESX 4.0 without patch ESX400-201110401-SG\");\n\n script_tag(name:\"insight\", value:\"a. VMware Tools Display Driver Privilege Escalation\n\n The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display\n driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege\n escalation on Windows-based Guest Operating Systems.\n\n b. vSphere Client internal browser input validation vulnerability\n\n The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn't\n properly sanitize input and may run script that is introduced into the log files. In order for the script to\n run, the user would need to open an individual, malicious log file entry. The script would run with the\n permissions of the user that runs the vSphere Client.\n\n c. vCenter Orchestrator Password Disclosure\n\n The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the\n webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.\n\n d. vShield Manager Cross-Site Request Forgery vulnerability\n\n The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince\n an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated\n request to the server.\n\n e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30\n\n Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier\n releases of Oracle (Sun) JRE.\n\n f. vCenter Server Apache Tomcat update 6.0.35\n\n Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.\n\n g. ESXi update to third party component bzip2\n\n The bzip2 library is updated to version 1.0.6, which resolves a security issue.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.0.0\", \"ESXi400-201110402-BG\",\n \"4.1.0\", \"ESXi410-201110202-UG\",\n \"5.0.0\", \"VIB:esx-base:5.0.0-0.10.608089\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:53", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71550", "href": "http://plugins.openvas.org/nasl.php?oid=71550", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\";\ntag_solution = \"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\nhttp://bugs.gentoo.org/show_bug.cgi?id=272566\nhttp://bugs.gentoo.org/show_bug.cgi?id=273662\nhttp://bugs.gentoo.org/show_bug.cgi?id=303719\nhttp://bugs.gentoo.org/show_bug.cgi?id=320963\nhttp://bugs.gentoo.org/show_bug.cgi?id=329937\nhttp://bugs.gentoo.org/show_bug.cgi?id=373987\nhttp://bugs.gentoo.org/show_bug.cgi?id=374619\nhttp://bugs.gentoo.org/show_bug.cgi?id=382043\nhttp://bugs.gentoo.org/show_bug.cgi?id=386213\nhttp://bugs.gentoo.org/show_bug.cgi?id=396401\nhttp://bugs.gentoo.org/show_bug.cgi?id=399227\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\";\n\n \n \nif(description)\n{\n script_id(71550);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071550", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_24.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71550\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\");\n script_tag(name:\"solution\", value:\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=272566\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=273662\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=303719\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=320963\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=329937\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373987\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=374619\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=382043\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386213\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=396401\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=399227\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "tomcat": [{"lastseen": "2021-12-30T15:23:03", "description": "**Important: Denial of service** [CVE-2012-0022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>)\n\nAnalysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.\n\nThis was fixed in revisions [1189899](<https://svn.apache.org/viewvc?view=rev&rev=1189899>), [1190372](<https://svn.apache.org/viewvc?view=rev&rev=1190372>), [1190482](<https://svn.apache.org/viewvc?view=rev&rev=1190482>), [1194917](<https://svn.apache.org/viewvc?view=rev&rev=1194917>), [1195225](<https://svn.apache.org/viewvc?view=rev&rev=1195225>), [1195226](<https://svn.apache.org/viewvc?view=rev&rev=1195226>), [1195537](<https://svn.apache.org/viewvc?view=rev&rev=1195537>), [1195909](<https://svn.apache.org/viewvc?view=rev&rev=1195909>), [1195944](<https://svn.apache.org/viewvc?view=rev&rev=1195944>), [1195951](<https://svn.apache.org/viewvc?view=rev&rev=1195951>), [1195977](<https://svn.apache.org/viewvc?view=rev&rev=1195977>) and [1198641](<https://svn.apache.org/viewvc?view=rev&rev=1198641>).\n\nThis was identified by the Tomcat security team on 21 October 2011 and made public on 17 January 2012.\n\nAffects: 7.0.0-7.0.22", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 7.0.23", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022"], "modified": "2011-11-25T00:00:00", "id": "TOMCAT:15CD6728C2514DB3DDC5BB2791C15B30", "href": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.23", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-30T15:23:03", "description": "**Note:** _The issues below were fixed in Apache Tomcat 6.0.34 but the release vote for the 6.0.34 release candidate did not pass. Therefore, although users must download 6.0.35 to obtain a version that includes a fix for this issue, version 6.0.34 is not included in the list of affected versions._\n\n**Important: Information disclosure** [CVE-2011-3375](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375>)\n\nFor performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That lead to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request. The issue was resolved be ensuring that the request and response objects were recycled after being re-populated to generate the necessary access log entries.\n\nThis was fixed in [revision 1185998](<https://svn.apache.org/viewvc?view=rev&rev=1185998>).\n\nThis was identified by the Tomcat security team on 22 September 2011 and made public on 17 January 2012.\n\nAffects: 6.0.30-6.0.33\n\n**Important: Authentication bypass and information disclosure ** [CVE-2011-3190](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>)\n\nApache Tomcat supports the AJP protocol which is used with reverse proxies to pass requests and associated data about the request from the reverse proxy to Tomcat. The AJP protocol is designed so that when a request includes a request body, an unsolicited AJP message is sent to Tomcat that includes the first part (or possibly all) of the request body. In certain circumstances, Tomcat did not process this message as a request body but as a new request. This permitted an attacker to have full control over the AJP message permitting authentication bypass and information disclosure. This vulnerability only occurs when all of the following are true: \n\n * The org.apache.jk.server.JkCoyoteHandler AJP connector is not used \n * POST requests are accepted\n * The request body is not processed\n\nThis was fixed in [revision 1162959](<https://svn.apache.org/viewvc?view=rev&rev=1162959>).\n\nThis was reported publicly on 20th August 2011.\n\nAffects: 6.0.0-6.0.33\n\nMitigation options:\n\n * Upgrade to Tomcat 6.0.35.\n * Apply the appropriate [patch](<https://svn.apache.org/viewvc?view=rev&rev=1162959>).\n * Configure both Tomcat and the reverse proxy to use a shared secret. \n(It is \"`request.secret`\" attribute in AJP <Connector>, \"`worker._workername_.secret`\" directive for mod_jk. The mod_proxy_ajp module currently does not support shared secrets). \n * Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP connector implementation. \n(It is automatically selected if you do not have Tomcat-Native library installed. It can be also selected explicitly: `<Connector protocol=\"org.apache.jk.server.JkCoyoteHandler\">`). \n\nReferences:\n\n * AJP Connector documentation (Tomcat 6.0)\n * workers.properties configuration (mod_jk)\n\n**Important: Denial of service** [CVE-2012-0022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>)\n\nAnalysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.\n\nThis was fixed in revisions [1200601](<https://svn.apache.org/viewvc?view=rev&rev=1200601>), [1206324](<https://svn.apache.org/viewvc?view=rev&rev=1206324>) and [1229027](<https://svn.apache.org/viewvc?view=rev&rev=1229027>).\n\nThis was identified by the Tomcat security team on 21 October 2011 and made public on 17 January 2012.\n\nAffects: 6.0.0-6.0.33", "cvss3": {}, "published": "2011-12-05T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 6.0.35", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3190", "CVE-2011-3375", "CVE-2012-0022"], "modified": "2011-12-05T00:00:00", "id": "TOMCAT:B381EB137FE969CF22F68315CBD8CA51", "href": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.35", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:55:33", "description": "No description provided by source.", "cvss3": {}, "published": "2012-01-18T00:00:00", "type": "seebug", "title": "Apache Tomcat Large Number Denial Of Service", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2012-0022"], "modified": "2012-01-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30033", "id": "SSV:30033", "sourceData": "\n CVE-2012-0022 Apache Tomcat Denial of Service\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- Tomcat 7.0.0 to 7.0.22\r\n- Tomcat 6.0.0 to 6.0.33\r\n- Tomcat 5.5.0 to 5.5.34\r\n- Earlier, unsupported versions may also be affected\r\n\r\nDescription:\r\nAnalysis of the recent hash collision vulnerability identified unrelated\r\ninefficiencies with Apache Tomcat's handling of large numbers of\r\nparameters and parameter values. These inefficiencies could allow an\r\nattacker, via a specially crafted request, to cause large amounts of CPU\r\nto be used which in turn could create a denial of service.\r\nThe issue was addressed by modifying the Tomcat parameter handling code\r\nto efficiently process large numbers of parameters and parameter values.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- Tomcat 7.0.x users should upgrade to 7.0.23 or later\r\n- Tomcat 6.0.x users should upgrade to 6.0.35 or later\r\n- Tomcat 5.5.x users should upgrade to 5.5.35 or later\r\n\r\nCredit:\r\nThe inefficiencies in handling large numbers of parameters were\r\nidentified by the Apache Tomcat security team.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\nhttp://tomcat.apache.org/security-5.html\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-30033", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nThe Tomcat security team reports:\n\nAnalysis of the recent hash collision vulnerability identified\n\t unrelated inefficiencies with Apache Tomcat's handling of large\n\t numbers of parameters and parameter values. These inefficiencies\n\t could allow an attacker, via a specially crafted request, to\n\t cause large amounts of CPU to be used which in turn could create\n\t a denial of service. The issue was addressed by modifying the\n\t Tomcat parameter handling code to efficiently process large\n\t numbers of parameters and parameter values.\n\n\n", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "freebsd", "title": "tomcat -- Denial of Service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022"], "modified": "2011-10-21T00:00:00", "id": "7F5CCB1D-439B-11E1-BC16-0023AE8E59F0", "href": "https://vuxml.freebsd.org/freebsd/7f5ccb1d-439b-11e1-bc16-0023ae8e59f0.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-07-13T19:59:52", "description": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.", "edition": 1, "cvss3": {}, "published": "2022-05-04T00:27:43", "type": "osv", "title": "Denial of Service in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2022-07-13T18:43:06", "id": "OSV:GHSA-8H2Q-QM9X-55JC", "href": "https://osv.dev/vulnerability/GHSA-8h2q-qm9x-55jc", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:30:58", "description": "\nSeveral vulnerabilities have been found in Tomcat, a servlet and JSP\nengine:\n\n\n* [CVE-2011-1184](https://security-tracker.debian.org/tracker/CVE-2011-1184) [CVE-2011-5062](https://security-tracker.debian.org/tracker/CVE-2011-5062) [CVE-2011-5063](https://security-tracker.debian.org/tracker/CVE-2011-5063) [CVE-2011-5064](https://security-tracker.debian.org/tracker/CVE-2011-5064)\nThe HTTP Digest Access Authentication implementation performed\n insufficient countermeasures against replay attacks.\n* [CVE-2011-2204](https://security-tracker.debian.org/tracker/CVE-2011-2204)\nIn rare setups passwords were written into a logfile.\n* [CVE-2011-2526](https://security-tracker.debian.org/tracker/CVE-2011-2526)\nMissing input sanitising in the HTTP APR or HTTP NIO connectors\n could lead to denial of service.\n* [CVE-2011-3190](https://security-tracker.debian.org/tracker/CVE-2011-3190)\nAJP requests could be spoofed in some setups.\n* [CVE-2011-3375](https://security-tracker.debian.org/tracker/CVE-2011-3375)\nIncorrect request caching could lead to information disclosure.\n* [CVE-2011-4858](https://security-tracker.debian.org/tracker/CVE-2011-4858) [CVE-2012-0022](https://security-tracker.debian.org/tracker/CVE-2012-0022)\nThis update adds countermeasures against a collision denial of\n service vulnerability in the Java hashtable implementation and\n addresses denial of service potentials when processing large\n amounts of requests.\n\n\nAdditional information can be\nfound at \n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.\n\n\nWe recommend that you upgrade your tomcat6 packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2012-02-02T00:00:00", "type": "osv", "title": "tomcat6 - several", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-4858", "CVE-2011-5063", "CVE-2011-5062", "CVE-2011-1184", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-3190"], "modified": "2022-07-21T05:47:37", "id": "OSV:DSA-2401-1", "href": "https://osv.dev/vulnerability/DSA-2401-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:14:42", "description": "DoS, information disclosure.", "edition": 2, "cvss3": {}, "published": "2012-01-20T00:00:00", "type": "securityvulns", "title": "Apache Tomcat security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0022", "CVE-2011-3375"], "modified": "2012-01-20T00:00:00", "id": "SECURITYVULNS:VULN:12149", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12149", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:44", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n -----------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2012-0005\r\nSynopsis: VMware vCenter Server, Orchestrator, Update Manager,\r\n vShield, vSphere Client, ESXi and ESX address\r\n several security issues\r\nIssue date: 2012-03-15\r\nUpdated on: 2012-03-15 (initial advisory)\r\n\r\nCVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510,\r\n CVE-2012-1512, CVE-2012-1513, CVE-2012-1514,\r\n CVE-2011-3190, CVE-2011-3375, CVE-2012-0022,\r\n CVE-2010-0405\r\n --- JRE ---\r\n See references\r\n -----------------------------------------------------------------------\r\n1. Summary\r\n\r\n VMware vCenter Server, Orchestrator, Update Manager, vShield,\r\n vSphere Client, ESXi and ESX address several security issues\r\n\r\n2. Relevant releases\r\n\r\n VMware vCenter Server 5.0\r\n\r\n VMware vSphere Client 5.0\r\n VMware vSphere Client 4.1 Update 1 and earlier\r\n\r\n VMware vCenter Orchestrator 4.2\r\n VMware vCenter Orchestrator 4.1 Update 1 and earlier\r\n VMware vCenter Orchestrator 4.0 Update 3 and earlier\r\n\r\n VMware vShield Manager 4.1 Update 1\r\n VMware vShield Manager 1.0 Update 1\r\n\r\n VMware Update Manager 5.0\r\n\r\n ESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG\r\n ESXi 4.1 without patch ESXi410-201110202-UG\r\n ESXi 4.0 without patch ESXi400-201110402-BG\r\n\r\n ESX 4.1 without patch ESX410-201110201-SG\r\n ESX 4.0 without patch ESX400-201110401-SG\r\n\r\n3. Problem Description\r\n\r\n a. VMware Tools Display Driver Privilege Escalation\r\n\r\n The VMware XPDM and WDDM display drivers contain buffer overflow\r\n vulnerabilities and the XPDM display driver does not properly\r\n check for NULL pointers. Exploitation of these issues may lead\r\n to local privilege escalation on Windows-based Guest Operating\r\n Systems.\r\n\r\n VMware would like to thank Tarjei Mandt for reporting theses\r\n issues to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the names CVE-2012-1509 (XPDM buffer overrun),\r\n CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null\r\n pointer dereference) to these issues.\r\n\r\n Note: CVE-2012-1509 doesn't affect ESXi and ESX.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product * Version on Apply Patch **\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n \r\n Workstation 8.x any not affected\r\n \r\n Player 4.x any not affected\r\n \r\n Fusion 4.x Mac OS/X not affected\r\n \r\n ESXi 5.0 ESXi ESXi500-201112402-BG\r\n ESXi 4.1 ESXi ESXi410-201110202-UG\r\n ESXi 4.0 ESXi ESXi400-201110402-BG\r\n ESXi 3.5 ESXi not affected\r\n \r\n ESX 4.1 ESX ESX410-201110201-SG\r\n ESX 4.0 ESX ESX400-201110401-SG\r\n ESX 3.5 ESX not affected\r\n\r\n * Remediation for VMware View is described in VMSA-2012-0004.\r\n\r\n ** Notes on updating VMware Guest Tools:\r\n\r\n After the update or patch is applied, VMware Guest Tools must\r\n be updated in any pre-existing Windows-based Guest Operating\r\n System. The XPDM and WDDM drivers are part of Tools.\r\n\r\n Windows-Based Virtual Machines that have moved to Workstation\r\n 8 or Player 4 from a lower version of Workstation or Player\r\n are affected unless:\r\n\r\n - They were moved from Workstation 7.1.5 or Player 3.1.5,\r\n\r\n AND\r\n\r\n - The Tools version was updated before the move.\r\n\r\n Windows-Based Virtual Machines that have moved to Fusion 4\r\n from a lower version of Fusion are affected.\r\n\r\n b. vSphere Client internal browser input validation vulnerability\r\n\r\n The vSphere Client has an internal browser that renders html\r\n pages from log file entries. This browser doesn't properly\r\n sanitize input and may run script that is introduced into the\r\n log files. In order for the script to run, the user would need\r\n to open an individual, malicious log file entry. The script\r\n would run with the permissions of the user that runs the vSphere\r\n Client.\r\n\r\n VMware would like to thank Edward Torkington for reporting this\r\n issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2012-1512 to this issue.\r\n\r\n In order to remediate the issue, the vSphere Client of the\r\n vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release\r\n needs to be installed. The vSphere Clients that come with\r\n vSphere 4.0 and vCenter Server 2.5 are not affected.\r\n\r\n c. vCenter Orchestrator Password Disclosure\r\n\r\n The vCenter Orchestrator (vCO) Web Configuration tool reflects\r\n back the vCenter Server password as part of the webpage. This\r\n might allow the logged-in vCO administrator to retrieve the\r\n vCenter Server password.\r\n\r\n VMware would like to thank Alexey Sintsov from Digital Security\r\n Research Group for reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2012-1513 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCO 4.2 Windows vCO 4.2 Update 1\r\n vCO 4.1 Windows vCO 4.1 Update 2\r\n vCO 4.0 Windows vCO 4.0 Update 4\r\n\r\n d. vShield Manager Cross-Site Request Forgery vulnerability\r\n\r\n The vShield Manager (vSM) interface has a Cross-Site Request\r\n Forgery vulnerability. If an attacker can convince an\r\n authenticated user to visit a malicious link, the attacker may\r\n force the victim to forward an authenticated request to the\r\n server.\r\n\r\n VMware would like to thank Frans Pehrson of Xxor AB\r\n (www.xxor.se) and Claudio Criscione for independently reporting\r\n this issue to us\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2012-1514 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vSM 5.0 Linux not affected\r\n vSM 4.1 Linux vSM 4.1.0 Update 2\r\n vSM 4.0 Linux vSM 1.0.1 Update 2\r\n\r\n e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30\r\n\r\n Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses\r\n multiple security issues that existed in earlier releases of\r\n Oracle (Sun) JRE.\r\n\r\n Oracle has documented the CVE identifiers that are addressed in\r\n JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical\r\n Patch Update Advisory of October 2011. The References section\r\n provides a link to this advisory.\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCenter 5. Windows patch pending\r\n vCenter 4.1 Windows patch pending\r\n vCenter 4.0 Windows not applicable **\r\n VirtualCenter 2.5 Windows not applicable **\r\n\r\n Update Manager 5.0 Windows Update Manager 5.0 Update 1\r\n Update Manager 4.1 Windows not applicable **\r\n Update Manager 4.0 Windows not applicable **\r\n\r\n hosted * any any not affected\r\n\r\n ESXi any ESXi not applicable\r\n\r\n ESX 4.1 ESX patch pending\r\n ESX 4.0 ESX not applicable **\r\n ESX 3.5 ESX not applicable **\r\n\r\n * hosted products are VMware Workstation, Player, ACE, Fusion.\r\n\r\n ** this product uses the Oracle (Sun) JRE 1.5.0 family\r\n\r\n f. vCenter Server Apache Tomcat update 6.0.35\r\n\r\n Apache Tomcat has been updated to version 6.0.35 to address\r\n multiple security issues.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the names CVE-2011-3190, CVE-2011-3375, and\r\n CVE-2012-0022 to these issues.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCenter 5.0 Windows vCenter 5.0 Update 1\r\n vCenter 4.1 Windows patch pending\r\n vCenter 4.0 Windows patch pending\r\n VirtualCenter 2.5 Windows not applicable **\r\n \r\n hosted * any any not affected\r\n \r\n ESXi any ESXi not applicable\r\n \r\n ESX 4.1 ESX patch pending\r\n ESX 4.0 ESX patch pending\r\n ESX 3.5 ESX not applicable **\r\n\r\n * hosted products are VMware Workstation, Player, ACE, Fusion.\r\n\r\n ** this product uses the Apache Tomcat 5.5 family\r\n\r\n g. ESXi update to third party component bzip2\r\n\r\n The bzip2 library is updated to version 1.0.6, which resolves a\r\n security issue.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2010-0405 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCenter any Windows not affected\r\n \r\n hosted * any any not affected\r\n \r\n ESXi 5.0 ESXi ESXi500-201203101-SG\r\n ESXi 4.1 ESXi not affected\r\n ESXi 4.0 ESXi not affected\r\n ESXi 3.5 ESXi not affected\r\n \r\n ESX any ESX not applicable\r\n\r\n * hosted products are VMware Workstation, Player, ACE, Fusion.\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and version\r\n and verify the checksum of your downloaded file.\r\n\r\n vCenter Server 5.0 Update 1\r\n ---------------------------\r\n\r\n The download for vCenter Server includes vSphere Update Manager,\r\n vSphere Client, and vCenter Orchestrator\r\n\r\n Download link:\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v\r\nsphere/5_0\r\n\r\n Release Notes:\r\n vSphere vCenter Server\r\n \r\nhttps://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html\r\n https://www.vmware.com/support/pubs/vum_pubs.html\r\n\r\n File: VMware-VIMSetup-all-5.0.0-639890.iso\r\n md5sum:f860ac4b618e2562ebffa2318446fa5b\r\n sha1sum:62830e3061b983e98944ae6d9d3b2e820cebe270\r\n\r\n File: VMware-VIMSetup-all-5.0.0-639890.zip\r\n md5sum:a8bdde277aeeffc382ec210acf510479\r\n sha1sum:0b675a47349fdc09104c62ad84bd302846213fc8\r\n\r\n vCenter Server 4.1 Update 2\r\n ---------------------------\r\n\r\n The download for vCenter Server includes vSphere Client and\r\n vCenter Orchestrator.\r\n\r\n Download link:\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v\r\nsphere/4_1\r\n\r\n Release Notes:\r\n \r\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\r\n\r\n File: VMware-VIMSetup-all-4.1.0-493063.iso\r\n md5sum: d132326846a85bfc9ebbc53defeee6e1\r\n sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541\r\n\r\n File: VMware-VIMSetup-all-4.1.0-493063.zip\r\n md5sum: 7fd7b09e501bd8fde52649b395491222\r\n sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1\r\n\r\n vCenter Server 4.0 Update 4\r\n ---------------------------\r\n\r\n The download for vCenter Server includes vCenter Orchestrator.\r\n\r\n Download link:\r\n \r\nhttp://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_v\r\nsphere/4_0\r\n\r\n Release Notes:\r\n \r\nhttp://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html\r\n\r\n File: VMware-VIMSetup-all-4.0.0-502539.iso\r\n md5sum: b418ff3d394f91b418271b6b93dfd6bd\r\n sha1sum: 56c2ec60f8b8a734a8312d9e38d5d70cd20c0927\r\n\r\n File: VMware-VIMSetup-all-4.0.0-502539.zip\r\n md5sum: 2acfadde1ec0cd6d37063d87246d6942\r\n sha1sum: ea1f3a3cb178f23fc2cf49bfc1450d10e5f699f8\r\n\r\n vShield Manager 4.1.0 Update 2\r\n ------------------------------\r\n\r\n Download link:\r\n \r\nhttp://downloads.vmware.com/d/details/vshield_endpoint10u3/ZHB3YnRAKndidHR3\r\nag==\r\n\r\n Release Notes:\r\n \r\nhttps://www.vmware.com/support/vshield/doc/releasenotes_vshield_410U2.html\r\n\r\n File: VMware-vShield-Manager-upgrade-bundle-4.1.0U2-576124.tar.gz\r\n md5sum:9a80fc347bc4a19ad0fd4c9fcb4ab475\r\n sha1sum:f5780c1615da0493d0955a1343876c4111d85203\r\n\r\n vShield Zones 1.0 Update 2\r\n --------------------------\r\n\r\n The download for VMware vShield Zones contains vShield Manager\r\n\r\n Download link:\r\n http://downloads.vmware.com/d/details/zones10u2/dHRAYndld2pidHclJQ==\r\n\r\n Release Notes\r\n https://www.vmware.com/support/vsz/doc/releasenotes_vsz_10U2.html\r\n\r\n File: VMware-vShieldZones-1.0U2-638154.exe\r\n md5sum:73515f4732c3a1ecc91ef21a504ca6d9\r\n sha1sum:ed4d858e1c05f54679ba99b739270c054efaf63e\r\n\r\n ESXi and ESX\r\n ------------\r\n\r\n Download link:\r\n http://downloads.vmware.com/go/selfsupport-download\r\n\r\n ESXi 5.0\r\n --------\r\n File: update-from-esxi5.0-5.0_update01\r\n md5sum: 55c25bd990e2881462bc5b66fb5f6c39\r\n sha1sum: ecd871bb09b649c6c8c13de82d579d4b7dcadc88\r\n http://kb.vmware.com/kb/2011432\r\n update-from-esxi5.0-5.0_update01 contains ESXi500-201203101-SG\r\n\r\n File: ESXi500-201112001\r\n md5sum: 107ec1cf6ee1d5d5cb8ea5c05b05cc10\r\n sha1sum: aff63c8a170508c8c0f21a60d1ea75ef1922096d\r\n http://kb.vmware.com/kb/2007672\r\n ESXi500-201112001 contains ESXi500-201112402-BG\r\n\r\n Note: subsequent ESXi releases are cumulative and\r\n ESXi500-201203101-SG includes the security fixes that are\r\n present in ESXi500-201112402-BG\r\n\r\n ESXi 4.1\r\n --------\r\n File: update-from-esxi4.1-4.1_update02\r\n md5sum: 57e34b500ce543d778f230da1d44e412\r\n sha1sum: 52f4378e2f1a29c908493182ccbde91d58b4112f\r\n http://kb.vmware.com/kb/2002341\r\n update-from-esxi4.1-4.1_update02 contains ESXi410-201110202-UG\r\n\r\n ESXi 4.0\r\n --------\r\n File: ESXi400-201110001\r\n md5sum: fd47b5e2b7ea1db79a2e0793d4c9d9d3\r\n sha1sum: 759d4fa6da6eb49f41def68e3bd66e80c9a7032b\r\n http://kb.vmware.com/kb/1039199\r\n ESXi400-201110001 contains ESXi400-201110402-BG\r\n\r\n ESX 4.1\r\n -------\r\n File: update-from-esx4.1-4.1_update02\r\n md5sum: 96189a6de3797e28b153f89e01d5a15b\r\n sha1sum: b1823d39d0e4536a421fb933f02380bae7ee7a5d\r\n http://kb.vmware.com/kb/2002303\r\n update-from-esx4.1-4.1_update02 contains ESX410-201110201-SG\r\n\r\n ESX 4.0\r\n -------\r\n File: ESX400-201110001\r\n md5sum: 0ce9cc285ea5c27142c9fdf273443d78\r\n sha1sum: fdb5482b2bf1e9c97f2814255676e3de74512399\r\n http://kb.vmware.com/kb/1036392\r\n ESX400-201110001 contains ESX400-201110401-SG\r\n\r\n5. References\r\n\r\n Oracle Java SE Critical Patch Update Advisory of October 2011\r\n \r\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htm\r\nl\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1508\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1509\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1510\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1512\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1513\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1514\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405\r\n\r\n -----------------------------------------------------------------------\r\n\r\n6. Change log\r\n\r\n 2012-03-15 VMSA-2012-0005\r\n \r\n Initial security advisory in conjunction with the release of\r\n vSphere 5.0 Update 1, Orchestrator 4.2 Update 1, Update Manager 5.0\r\n Update 1, vShield 1.0 Update 2, and ESXi and ESX 5.0 patches on\r\n 2012-03-15.\r\n\r\n -----------------------------------------------------------------------\r\n\r\n7. Contact\r\n\r\n E-mail list for product security notifications and announcements:\r\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n \r\n This Security Advisory is posted to the following lists:\r\n \r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n \r\n E-mail: security at vmware.com\r\n PGP key at: http://kb.vmware.com/kb/1055\r\n \r\n VMware Security Advisories\r\n http://www.vmware.com/security/advisories\r\n \r\n VMware security response policy\r\n http://www.vmware.com/support/policies/security_response.html\r\n \r\n General support life cycle policy\r\n http://www.vmware.com/support/policies/eos.html\r\n \r\n VMware Infrastructure support life cycle policy\r\n http://www.vmware.com/support/policies/eos_vi.html\r\n \r\n Copyright 2012 VMware Inc. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 9.8.3 (Build 4028)\r\nCharset: utf-8\r\n\r\nwj8DBQFPY8IgDEcm8Vbi9kMRArL4AJ9S8Fmumd26d3UyRUjpwue4WBIIAwCfX5lO\r\nCZfePTwZlp9o+Bcf2/30Bjg=\r\n=g0FE\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-03-20T00:00:00", "title": "VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1510", "CVE-2012-1514", "CVE-2012-1508", "CVE-2012-0022", "CVE-2012-1509", "CVE-2010-0405", "CVE-2012-1513", "CVE-2011-3375", "CVE-2012-1512", "CVE-2011-3190"], "modified": "2012-03-20T00:00:00", "id": "SECURITYVULNS:DOC:27826", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27826", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:51:07", "description": "Privilege escalation, cross application scripting, information leakage, crossite scripting.", "edition": 2, "cvss3": {}, "published": "2012-03-20T00:00:00", "type": "securityvulns", "title": "VMWare applications multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1510", "CVE-2012-1514", "CVE-2012-1508", "CVE-2012-0022", "CVE-2012-1509", "CVE-2010-0405", "CVE-2012-1513", "CVE-2011-3375", "CVE-2012-1512", "CVE-2011-3190"], "modified": "2012-03-20T00:00:00", "id": "SECURITYVULNS:VULN:12279", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12279", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:50", "description": "Over 85 of different vulnerabilites are fixed in CPU.", "edition": 1, "cvss3": {}, "published": "2013-02-24T00:00:00", "type": "securityvulns", "title": " Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0376", "CVE-2013-0362", "CVE-2013-0385", "CVE-2013-0355", "CVE-2012-1678", "CVE-2013-0371", "CVE-2012-1680", "CVE-2013-0394", "CVE-2013-0393", "CVE-2012-3220", "CVE-2013-0378", "CVE-2013-0379", "CVE-2012-5611", "CVE-2013-0386", "CVE-2012-0022", "CVE-2013-0374", "CVE-2012-0574", "CVE-2013-0357", "CVE-2013-0353", "CVE-2012-5096", "CVE-2013-0359", "CVE-2013-0420", "CVE-2011-5035", "CVE-2013-0361", "CVE-2012-1705", "CVE-2013-0418", "CVE-2013-0358", "CVE-2012-3169", "CVE-2013-0390", "CVE-2012-3168", "CVE-2013-0382", "CVE-2013-0381", "CVE-2013-0377", "CVE-2013-0395", "CVE-2012-1677", "CVE-2013-0383", "CVE-2013-0399", "CVE-2013-0352", "CVE-2013-0368", "CVE-2013-0389", "CVE-2012-3172", "CVE-2013-0354", "CVE-2012-5060", "CVE-2013-0375", "CVE-2012-5097", "CVE-2012-3170", "CVE-2013-0396", "CVE-2012-1702", "CVE-2012-3190", "CVE-2013-0364", "CVE-2013-0367", "CVE-2013-0388", "CVE-2013-0363", "CVE-2012-1701", "CVE-2013-0415", "CVE-2013-0407", "CVE-2013-0366", "CVE-2013-0387", "CVE-2012-0569", "CVE-2013-0370", "CVE-2012-3219", "CVE-2013-0365", "CVE-2012-1755", "CVE-2013-0380", "CVE-2013-0373", "CVE-2012-0572", "CVE-2012-3192", "CVE-2013-0391", "CVE-2012-3178", "CVE-2012-0578", "CVE-2012-5062", "CVE-2012-1700", "CVE-2013-0369", "CVE-2012-3218", "CVE-2013-0400", "CVE-2013-0372", "CVE-2012-5059", "CVE-2013-0356", "CVE-2013-0360", "CVE-2013-0417", "CVE-2013-0397", "CVE-2012-5612", "CVE-2013-0384", "CVE-2013-0414"], "modified": "2013-02-24T00:00:00", "id": "SECURITYVULNS:VULN:12836", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12836", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:37", "description": "[0:6.0.24-36]\n- Resolves: CVE-2012-0022 regression. Changes made to patch file.", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "oraclelinux", "title": "tomcat6 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-4858"], "modified": "2012-04-11T00:00:00", "id": "ELSA-2012-0475", "href": "http://linux.oracle.com/errata/ELSA-2012-0475.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:20", "description": "[0:5.5.23-0jpp.31]\n- Resolves: CVE-2012 regression. Changed patch file.\n[0:5.5.23-0jpp.30]\n- Resolves: CVE-2012-0022, CVE-2011-4858\n[0:5.5.23-0jpp.27]\n- Resolves CVE-2011-0013 rhbz 675933\n- Resolves CVE-2011-3718 rhbz 675933\n[0:5.5.23-0jpp.23]\n- Resolves CVE-2011-1184 rhbz 744984\n- Resolves CVE-2011-2204 rhbz 719188", "cvss3": {}, "published": "2012-04-11T00:00:00", "type": "oraclelinux", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-0022", "CVE-2011-2204", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-1184", "CVE-2011-3718"], "modified": "2012-04-11T00:00:00", "id": "ELSA-2012-0474", "href": "http://linux.oracle.com/errata/ELSA-2012-0474.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:31:20", "description": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23\nuses an inefficient approach for handling parameters, which allows remote\nattackers to cause a denial of service (CPU consumption) via a request that\ncontains many parameters and parameter values, a different vulnerability\nthan CVE-2011-4858.\n\n#### Bugs\n\n * <https://issues.apache.org/bugzilla/show_bug.cgi?id=52384>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=783359>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | upstream bug says last commit isn't in 6.0.35.\n", "cvss3": {}, "published": "2012-01-18T00:00:00", "type": "ubuntucve", "title": "CVE-2012-0022", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-01-18T00:00:00", "id": "UB:CVE-2012-0022", "href": "https://ubuntu.com/security/CVE-2012-0022", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:31:28", "description": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23\ncomputes hash values for form parameters without restricting the ability to\ntrigger hash collisions predictably, which allows remote attackers to cause\na denial of service (CPU consumption) by sending many crafted parameters.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=750521>\n * <https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/909828>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | CVE-2011-4084 was rejected as a dupe of this one fixes overlap with CVE-2012-0022 fixes\n", "cvss3": {}, "published": "2012-01-05T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4858", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4084", "CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-01-05T00:00:00", "id": "UB:CVE-2011-4858", "href": "https://ubuntu.com/security/CVE-2011-4858", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-03-17T19:33:48", "description": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.", "cvss3": {}, "published": "2012-01-19T04:01:00", "type": "debiancve", "title": "CVE-2012-0022", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-01-19T04:01:00", "id": "DEBIANCVE:CVE-2012-0022", "href": "https://security-tracker.debian.org/tracker/CVE-2012-0022", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:46:11", "description": "**CentOS Errata and Security Advisory** CESA-2012:0474\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for\nparameters and 128 for headers. These defaults can be changed by setting\nthe org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat\nuse an excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022) \n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian Walde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-April/068045.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0474", "cvss3": {}, "published": "2012-04-11T19:16:37", "type": "centos", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-04-11T19:16:37", "id": "CESA-2012:0474", "href": "https://lists.centos.org/pipermail/centos-announce/2012-April/068045.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-01T04:46:11", "description": "**CentOS Errata and Security Advisory** CESA-2012:0475\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that the Java hashCode() method implementation was susceptible\nto predictable hash collisions. A remote attacker could use this flaw to\ncause Tomcat to use an excessive amount of CPU time by sending an HTTP\nrequest with a large number of parameters whose names map to the same hash\nvalue. This update introduces a limit on the number of parameters processed\nper request to mitigate this issue. The default limit is 512 for\nparameters and 128 for headers. These defaults can be changed by setting\nthe org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2011-4858)\n\nIt was found that Tomcat did not handle large numbers of parameters and\nlarge parameter values efficiently. A remote attacker could make Tomcat\nuse an excessive amount of CPU time by sending an HTTP request containing a\nlarge number of parameters or large parameter values. This update\nintroduces limits on the number of parameters and headers processed per\nrequest to address this issue. Refer to the CVE-2011-4858 description for\ninformation about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.\n(CVE-2012-0022) \n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT\nacknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858.\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-April/068046.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:0475", "cvss3": {}, "published": "2012-04-11T20:13:41", "type": "centos", "title": "tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-04-11T20:13:41", "id": "CESA-2012:0475", "href": "https://lists.centos.org/pipermail/centos-announce/2012-April/068046.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2023-01-27T05:07:00", "description": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.", "cvss3": {}, "published": "2022-05-04T00:27:43", "type": "github", "title": "Denial of Service in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2023-01-27T05:02:09", "id": "GHSA-8H2Q-QM9X-55JC", "href": "https://github.com/advisories/GHSA-8h2q-qm9x-55jc", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:28:49", "description": "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.", "cvss3": {}, "published": "2012-01-19T04:01:00", "type": "cve", "title": "CVE-2012-0022", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4858", "CVE-2012-0022"], "modified": "2019-03-25T11:33:00", "cpe": ["cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.34", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:6.0.13"], "id": "CVE-2012-0022", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0022", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2023-01-26T13:37:38", "description": "## Releases\n\n * Ubuntu 11.10 \n * Ubuntu 11.04 \n * Ubuntu 10.10 \n * Ubuntu 10.04 \n\n## Packages\n\n * tomcat6 \\- Servlet and JSP engine\n\nIt was discovered that Tomcat incorrectly performed certain caching and \nrecycling operations. A remote attacker could use this flaw to obtain read \naccess to IP address and HTTP header information in certain cases. This \nissue only applied to Ubuntu 11.10. (CVE-2011-3375)\n\nIt was discovered that Tomcat computed hash values for form parameters \nwithout restricting the ability to trigger hash collisions predictably. \nA remote attacker could cause a denial of service by sending many crafted \nparameters. (CVE-2011-4858)\n\nIt was discovered that Tomcat incorrectly handled parameters. A remote \nattacker could cause a denial of service by sending requests with a large \nnumber of parameters and values. (CVE-2012-0022)\n", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "ubuntu", "title": "Tomcat vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3375", "CVE-2011-4858", "CVE-2012-0022"], "modified": "2012-02-13T00:00:00", "id": "USN-1359-1", "href": "https://ubuntu.com/security/notices/USN-1359-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ibm": [{"lastseen": "2022-09-29T21:26:08", "description": "## Abstract\n\nStorwize V7000 Unified includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components.\n\n## Content\n\n**VULNERABILITY DETAILS: ** \n \n**CVE ID:**\n\n**Vendor**| **Vendor ID**| **Vendor Title**| **Included CVEs** \n---|---|---|--- \nRed Hat| [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>)| Critical: xulrunner security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \nRed Hat| [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>)| Important: libpng security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \nRed Hat| [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>)| Moderate: httpd security update| [_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>) \n[_CVE-2011-4317_](<https://www.redhat.com/security/data/cve/CVE-2011-4317.html>) \n[_CVE-2012-0053_](<CVE-2012-0053>) \nApache| [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.33| [_CVE-2011-1184_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n[_CVE-2011-2204_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>) \n[_CVE-2011-2526_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \nApache| [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.35| [_CVE-2011-3190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n[_CVE-2011-3375_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375>) \n[_CVE-2012-0022_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>) \n \n \n**DESCRIPTION:** \nStorwize V7000 Unified has integrated updated versions of the software components for which the vendors have provided fixes for security vulnerabilities. \n \n \n**CVSS:** \nPlease see vendor documentation for CVSS scores and CVSS vector. \n \n \n**AFFECTED PLATFORMS: **\n\n * Affected releases: Storwize V7000 Unified 1.3 through 1.3.2.0. \n * Releases/systems/configurations NOT affected: Storwize 7000 Unified 1.3.2.3 and above, Storwize 7000 Unified 1.4.0.0 and above.\n\n**REMEDIATION: **\n\n \n**_Vendor Fix(es):_** The issue was fixed beginning with version Storwize V7000 Unified 1.3.2.3 and 1.4.0.0. Storwize V7000 Unified customers running an earlier version (e.g. Storwize V7000 Unified 1.3.2.0) must upgrade to Storwize V7000 Unified 1.3.2.3, 1.4.0.0 or a later version. \n \n \n**_Workaround(s):_** None. \n \n**_Mitigation(s):_** Storwize V7000 Unified is not exposed to CVE-2011-3026 during normal operation. Service procedures which use the Firefox web browser may activate the vulnerable code. Service personnel must not browse web pages on the internet to avoid the processing of web pages with malicious content. \n\nThe Tomcat related vulnerabilities are exposed to the Storwize V7000 Unified management and service IP addresses only, but not to the public IP addresses which are used for NAS data access. It is recommended that the management and service IP addresses will be attached to a management network only.\n\n \n \n \n**REFERENCES: ** \n\n\n * [](<https://www-304.ibm.com/support/docview.wss?uid=swg21496117&wv=1>)[__Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>)\n * [__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * * [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>) \n[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \n\n * [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>) \n[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \n\n * [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>) \n[_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>) \n[_CVE-2011-4317_](<https://www.redhat.com/security/data/cve/CVE-2011-4317.html>) \n[_CVE-2012-0053_](<CVE-2012-0053>) \n\n * [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>) \n[_CVE-2011-1184_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n[_CVE-2011-2204_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>) \n[_CVE-2011-2526_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \n\n * [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>) \n[_CVE-2011-3190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n[_CVE-2011-3375_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375>) \n[_CVE-2012-0022_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>)\n \n \n**RELATED INFORMATION: ** \n\n\n * [_IBM Secure Engineering Web Portal_](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)\n * [_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>)\n \n \n \n**CHANGE HISTORY: ** \n\n\n * _03/18/13: Original copy published._\n\n_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" _ \n_IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"ST5Q4U\",\"label\":\"IBM Storwize V7000 Unified (2073)\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"1.4\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.3;1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {}, "published": "2022-09-26T04:23:14", "type": "ibm", "title": "Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3026", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0022", "CVE-2012-0053"], "modified": "2022-09-26T04:23:14", "id": "C3B24D9C073C7840B6F13827EE7743D35E733053B2442D8C8AD0A06EAEC3B9DA", "href": "https://www.ibm.com/support/pages/node/689125", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T01:49:46", "description": "## Summary\n\nIBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Apache Log4j, please see list of CVEs for vulnerability details\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-5645](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an error when using the TCP socket server or UDP socket server to receive serialized log events from another application. By deserializing a specially crafted binary payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127479](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127479>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9488](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17571](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2010-1157](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error related to the generation of a realm name when one isn't specified for a web.xml application. A remote attacker could exploit this vulnerability using the WWW-Authenticate header to obtain the IP address or local hostname of the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/58055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/58055>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by multiple flaws when handling Transfer-Encoding headers that prevents a buffer from recycling. By sending a specially-crafted request in a Transfer-Encoding header, a remote attacker could exploit this vulnerability to trigger the failure of subsequent requests or information leaks between the requests. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/60264](<https://exchange.xforce.ibmcloud.com/vulnerabilities/60264>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n \n** CVEID: **[CVE-2010-4172](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the sessionsList.jsp script. A remote attacker could exploit this vulnerability using the sort or orderby parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/63422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/63422>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2010-4312](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4312>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by a missing HttpOnly mechanism flag in a Set-Cookie header. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/63477](<https://exchange.xforce.ibmcloud.com/vulnerabilities/63477>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2010-3718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the ServletContect attribute being improperly restricted to read-only setting. An attacker could exploit this vulnerability to gain unauthorized read and write access to the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65159](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65159>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-0534](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the NIO connector when processing a request line. By sending a specially-crafted request, a remote attacker could exploit the vulnerability to cause an OutOfMemory error and crash the server. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65162>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-0013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by when displaying web application data. A remote attacker could exploit this vulnerability using the HTML Manager interface to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65160](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65160>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-2526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper validation of request attributes by sendfile. A remote attacker could exploit this vulnerability to obtain sensitive information and cause the JVM to crash. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/68541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/68541>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n \n** CVEID: **[CVE-2011-3190](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of messages by the AJP protocol. A remote attacker could exploit this vulnerability to inject arbitrary AJP messages to bypass the authentication process and possibly obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/69472](<https://exchange.xforce.ibmcloud.com/vulnerabilities/69472>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2011-4858](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4858>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple specially-crafted HTTP POST requests to an affected application containing conflicting hash key values, a remote attacker could exploit this vulnerability to cause the consumption of CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72016](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72016>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by multiple errors related to the implementation of HTTP DIGEST authentication. A remote attacker could exploit this vulnerability to perform unauthorized actions. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/70052](<https://exchange.xforce.ibmcloud.com/vulnerabilities/70052>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-5063](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to check realm values by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72437>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-2733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the improper verification of the request headers by the parseHeaders() function. A remote attacker could exploit this vulnerability using specially-crafted headers to cause an out-of-memory exception. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79806](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79806>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-5064](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of Catalina as the hard-coded private key by DigestAuthenticator.java within the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass cryptographic protection mechanisms. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72438](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72438>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-0022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an overly large number of parameter and parameter values. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to consume an overly large amount of CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72425>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-5062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to check qop values by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass intended integrity-protection requirements. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72436>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-5885](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the tracking of cnonce values instead of nonce and nc values by the replay-countermeasure functionality in the HTTP Digest Access Authentication implementation. By sniffing the network, a remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80408>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-5886](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the caching of information about the authenticated user within the session state by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80407](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80407>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-5887](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly check server nonces by the DIGEST authentication mechanism. A remote attacker could exploit this vulnerability to gain unauthorized access to the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79809>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-3546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the FormAuthenticator component during FORM authentication. By leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI, an attacker could exploit his vulnerability to bypass the authentication mechanism and gain unauthorized access to the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80517](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80517>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4431](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the doFilter() method. By sending a specially-crafted request to a protected source without a session identifier present in the request, an attacker could exploit this vulnerability to bypass the CSRF prevention filter and gain unauthorized access to the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80518>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4534](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error when using the NIO connector with sendfile and HTTPS enabled. A remote attacker could exploit this vulnerability to cause the application to enter an infinite loop and consume all available CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80516](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80516>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2012-3544](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the failure to properly handle chunk extensions in chunked transfer coding. By streaming data, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84952>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-2067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the improper validation of session cookies by the FormAuthenticator module. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to hijack another user's session and possibly launch further attacks on the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84154](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84154>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2013-2185](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2185>) \n** DESCRIPTION: **Red Hat JBoss Enterprise Application Platform could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the implementation of the DiskFileItem class. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability using serialized instance of the DiskFileItem class to upload a file containing a NULL byte, which could allow the attacker to execute arbitrary PHP code on the vulnerable system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87273](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87273>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-4286](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by an incomplete fix related to the handling of malicious request. By sending a specially-crafted request in a Transfer-Encoding: chunked header and a Content-length header to the Apache HTTP server that will be reassembled with the original Content-Length header value, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91426](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91426>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2013-4322](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix related to the processing of chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91625](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91625>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-4590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when running untrusted web applications. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91424>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0075](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an integer overflow in the parseChunkHeader function. A remote attacker could exploit this vulnerability using a malformed chunk size as part of a chunked request to consume all available resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93365](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-0096](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93367](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0099](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93369](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93369>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0119](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93368](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2013-4444](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4444>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the File Upload feature. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious JSP, which could allow the attacker to execute arbitrary JSP code on the vulnerable system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95876](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95876>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2014-0227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/100751](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100751>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-0230](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error when an HTTP response is returned before the entire request body is fully read. An attacker could exploit this vulnerability using a series of aborted upload attempts to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/102131](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102131>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-7810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103155](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103155>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-5174](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2015-5345](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0706](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0714](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-6816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119158](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-5647](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124400](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118407](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-5018](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5018>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118406](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-6794](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-6796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6796>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118404](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-8022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8022>) \n** DESCRIPTION: **tomcat package for openSUSE could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permission flaw. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184110](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184110>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| APAR(s)| Version(s) \n---|---|--- \nIBM Sterling B2B Integrator| IT37848| 5.2.0.0 - 6.0.3.4 \nIBM Sterling B2B Integrator| IT37848| 6.1.0.0 - 6.1.0.3 \n \n\n\n## Remediation/Fixes\n\nProduct & Version| Remediation & Fix \n---|--- \n5.2.0.0 - 6.0.3.4| Apply IBM Sterling B2B Integrator version 6.0.3.5 or 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n6.1.0.0 - 6.1.0.3| Apply IBM Sterling B2B Integrator version 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n1st Oct 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS3JSW\",\"label\":\"Sterling B2B Integrator\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"5.2.0.0 - 6.1.1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-06T14:56:49", "type": "ibm", "title": "Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1184", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022", "CVE-2012-2733", "CVE-2012-3544", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887", "CVE-2013-2067", "CVE-2013-2185", "CVE-2013-4286", "CVE-2013-4322", "CVE-2013-4444", "CVE-2013-4590", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-7810", "CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6816", "CVE-2017-5645", "CVE-2017-5647", "CVE-2019-17571", "CVE-2020-8022", "CVE-2020-9488"], "modified": "2021-10-06T14:56:49", "id": "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "href": "https://www.ibm.com/support/pages/node/6496741", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-09-29T21:26:01", "description": "## Abstract\n\nSONAS includes multiple software components for which the vendors have provided fixes for security vulnerabilities in such components.\n\n## Content\n\n**VULNERABILITY DETAILS: ** \n \n**CVE ID:**\n\n**Vendor**| **Vendor ID**| **Vendor Title**| **Included CVEs** \n---|---|---|--- \nIBM| [_TSM 6.3.1.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg21615292>)| Two unauthorized access vulnerabilities in IBM TSM for Space Management| [_CVE-2012-4859_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4859>) \n[_CVE-2012-5954_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5954>) \nRed Hat| [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>)| Moderate: httpd security update| [_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>) \nApache| [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.33| [_CVE-2011-1184_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \nApache| [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>)| Fixed in Apache Tomcat 6.0.35| [_CVE-2011-3190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \nIBM| [_IBM Java 6.0.0 SR12_](<https://www.ibm.com/developerworks/java/jdk/alerts/>)| Oracle October 16 2012 CPU| [_CVE-2012-5081_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081>) \nRed Hat| [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>)| Critical: xulrunner security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \nRed Hat| [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>)| Important: libpng security update| [_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \nRed Hat| [_RHSA-2012-1210_](<https://rhn.redhat.com/errata/RHSA-2012-1210.html>)| Critical: firefox security update| [_CVE-2012-1970_](<https://www.redhat.com/security/data/cve/CVE-2012-1970.html>) \n[_CVE-2012-1972_](<https://www.redhat.com/security/data/cve/CVE-2012-1972.html>) \n[_CVE-2012-1973_](<https://www.redhat.com/security/data/cve/CVE-2012-1973.html>) \n[_CVE-2012-1974_](<https://www.redhat.com/security/data/cve/CVE-2012-1974.html>) \n[_CVE-2012-1975_](<https://www.redhat.com/security/data/cve/CVE-2012-1975.html>) \n[_CVE-2012-1976_](<https://www.redhat.com/security/data/cve/CVE-2012-1976.html>) \n[_CVE-2012-3956_](<https://www.redhat.com/security/data/cve/CVE-2012-3956.html>) \n[_CVE-2012-3957_](<https://www.redhat.com/security/data/cve/CVE-2012-3957.html>) \n[_CVE-2012-3958_](<https://www.redhat.com/security/data/cve/CVE-2012-3958.html>) \n[_CVE-2012-3959_](<https://www.redhat.com/security/data/cve/CVE-2012-3959.html>) \n[_CVE-2012-3960_](<https://www.redhat.com/security/data/cve/CVE-2012-3960.html>) \n[_CVE-2012-3961_](<https://www.redhat.com/security/data/cve/CVE-2012-3961.html>) \n[_CVE-2012-3962_](<https://www.redhat.com/security/data/cve/CVE-2012-3962.html>) \n[_CVE-2012-3963_](<https://www.redhat.com/security/data/cve/CVE-2012-3963.html>) \n[_CVE-2012-3964_](<https://www.redhat.com/security/data/cve/CVE-2012-3964.html>) \n[_CVE-2012-3966_](<https://www.redhat.com/security/data/cve/CVE-2012-3966.html>) \n[_CVE-2012-3967_](<https://www.redhat.com/security/data/cve/CVE-2012-3967.html>) \n[_CVE-2012-3968_](<https://www.redhat.com/security/data/cve/CVE-2012-3968.html>) \n[_CVE-2012-3969_](<https://www.redhat.com/security/data/cve/CVE-2012-3969.html>) \n[_CVE-2012-3970_](<https://www.redhat.com/security/data/cve/CVE-2012-3970.html>) \n[_CVE-2012-3972_](<https://www.redhat.com/security/data/cve/CVE-2012-3972.html>) \n[_CVE-2012-3976_](<https://www.redhat.com/security/data/cve/CVE-2012-3976.html>) \n[_CVE-2012-3978_](<https://www.redhat.com/security/data/cve/CVE-2012-3978.html>) \n[_CVE-2012-3980_](<https://www.redhat.com/security/data/cve/CVE-2012-3980.html>) \nRed Hat| [_RHSA-2012-1350_](<https://rhn.redhat.com/errata/RHSA-2012-1350.html>)| Critical: firefox security and bug fix update| [_CVE-2012-1956_](<https://www.redhat.com/security/data/cve/CVE-2012-1956.html>) \n[_CVE-2012-3982_](<https://www.redhat.com/security/data/cve/CVE-2012-3982.html>) \n[_CVE-2012-3986_](<https://www.redhat.com/security/data/cve/CVE-2012-3986.html>) \n[_CVE-2012-3988_](<https://www.redhat.com/security/data/cve/CVE-2012-3988.html>) \n[_CVE-2012-3990_](<https://www.redhat.com/security/data/cve/CVE-2012-3990.html>) \n[_CVE-2012-3991_](<https://www.redhat.com/security/data/cve/CVE-2012-3991.html>) \n[_CVE-2012-3992_](<https://www.redhat.com/security/data/cve/CVE-2012-3992.html>) \n[_CVE-2012-3993_](<https://www.redhat.com/security/data/cve/CVE-2012-3993.html>) \n[_CVE-2012-3994_](<https://www.redhat.com/security/data/cve/CVE-2012-3994.html>) \n[_CVE-2012-3995_](<https://www.redhat.com/security/data/cve/CVE-2012-3995.html>) \n[_CVE-2012-4179_](<https://www.redhat.com/security/data/cve/CVE-2012-4179.html>) \n[_CVE-2012-4180_](<https://www.redhat.com/security/data/cve/CVE-2012-4180.html>) \n[_CVE-2012-4181_](<https://www.redhat.com/security/data/cve/CVE-2012-4181.html>) \n[_CVE-2012-4182_](<https://www.redhat.com/security/data/cve/CVE-2012-4182.html>) \n[_CVE-2012-4183_](<https://www.redhat.com/security/data/cve/CVE-2012-4183.html>) \n[_CVE-2012-4184_](<https://www.redhat.com/security/data/cve/CVE-2012-4184.html>) \n[_CVE-2012-4185_](<https://www.redhat.com/security/data/cve/CVE-2012-4185.html>) \n[_CVE-2012-4186_](<https://www.redhat.com/security/data/cve/CVE-2012-4186.html>) \n[_CVE-2012-4187_](<https://www.redhat.com/security/data/cve/CVE-2012-4187.html>) \n[_CVE-2012-4188_](<https://www.redhat.com/security/data/cve/CVE-2012-4188.html>) \nRed Hat| [_RHSA-2012-1361_](<https://rhn.redhat.com/errata/RHSA-2012-1361.html>)| Critical: xulrunner security update| [_CVE-2012-4193_](<https://www.redhat.com/security/data/cve/CVE-2012-4193.html>) \nRed Hat| [_RHSA-2012-1407_](<https://rhn.redhat.com/errata/RHSA-2012-1407.html>)| Critical: firefox security update| [_CVE-2012-4194_](<https://www.redhat.com/security/data/cve/CVE-2012-4194.html>) \n[_CVE-2012-4195_](<https://www.redhat.com/security/data/cve/CVE-2012-4195.html>) \n[_CVE-2012-4196_](<https://www.redhat.com/security/data/cve/CVE-2012-4196.html>) \nRed Hat| [_RHSA-2012-1482_](<https://rhn.redhat.com/errata/RHSA-2012-1482.html>)| Critical: firefox security update| [_CVE-2012-4201_](<https://www.redhat.com/security/data/cve/CVE-2012-4201.html>) \n[_CVE-2012-4202_](<https://www.redhat.com/security/data/cve/CVE-2012-4202.html>) \n[_CVE-2012-4207_](<https://www.redhat.com/security/data/cve/CVE-2012-4207.html>) \n[_CVE-2012-4209_](<https://www.redhat.com/security/data/cve/CVE-2012-4209.html>) \n[_CVE-2012-4210_](<https://www.redhat.com/security/data/cve/CVE-2012-4210.html>) \n[_CVE-2012-4214_](<https://www.redhat.com/security/data/cve/CVE-2012-4214.html>) \n[_CVE-2012-4215_](<https://www.redhat.com/security/data/cve/CVE-2012-4215.html>) \n[_CVE-2012-4216_](<https://www.redhat.com/security/data/cve/CVE-2012-4216.html>) \n[_CVE-2012-5829_](<https://www.redhat.com/security/data/cve/CVE-2012-5829.html>) \n[_CVE-2012-5830_](<https://www.redhat.com/security/data/cve/CVE-2012-5830.html>) \n[_CVE-2012-5833_](<https://www.redhat.com/security/data/cve/CVE-2012-5833.html>) \n[_CVE-2012-5835_](<https://www.redhat.com/security/data/cve/CVE-2012-5835.html>) \n[_CVE-2012-5839_](<https://www.redhat.com/security/data/cve/CVE-2012-5839.html>) \n[_CVE-2012-5840_](<https://www.redhat.com/security/data/cve/CVE-2012-5840.html>) \n[_CVE-2012-5841_](<https://www.redhat.com/security/data/cve/CVE-2012-5841.html>) \n[_CVE-2012-5842_](<https://www.redhat.com/security/data/cve/CVE-2012-5842.html>) \nRed Hat| [](<https://rhn.redhat.com/errata/RHSA-2012-1361.html>)[_RHSA-2012-0699_](<https://rhn.redhat.com/errata/RHSA-2012-0699.html>)| Moderate: openssl security and bug fix update| [_ CVE-2012-2333_](<https://www.redhat.com/security/data/cve/CVE-2012-2333.html>) \nRed Hat| [_RHSA-2012-0518_](<https://rhn.redhat.com/errata/RHSA-2012-0518.html>)| Important: openssl security update| [_ CVE-2012-2110_](<https://www.redhat.com/security/data/cve/CVE-2012-2110.html>) \nRed Hat| [_RHSA-2012-0426_](<https://rhn.redhat.com/errata/RHSA-2012-0426.html>)| Moderate: openssl security and bug fix update| [_ CVE-2012-0884_](<https://www.redhat.com/security/data/cve/CVE-2012-0884.html>) \n[_ CVE-2012-1165_](<https://www.redhat.com/security/data/cve/CVE-2012-1165.html>) \n \n**DESCRIPTION:** \nSONAS has integrated updated versions of the software components for which the vendors have provided fixes for security vulnerabilities. \n \n \n**CVSS:** \nPlease see vendor documentation for CVSS scores and CVSS vector. \n \n \n**AFFECTED PLATFORMS: **\n\n * Affected releases: SONAS 1.1 through 1.3.2.2.\n * Releases/systems/configurations NOT affected: SONAS 1.3.2.3 and above.\n \n\n\n**REMEDIATION: **\n\n \n**_Vendor Fix(es):_** The issue was fixed beginning with version SONAS 1.3.2.3. SONAS customers running an earlier SONAS version (e.g. SONAS 1.3.2.1) must upgrade to SONAS 1.3.2.3 or a later version. \n \n \n**_Workaround(s):_** None. \n \n**_Mitigation(s):_** SONAS is not exposed to CVEs related to Firefox and Xulrunner and to CVE-2011-3026 during normal operation. Service procedures which use the Firefox web browser may activate the vulnerable code. Service personnel must not browse web pages on the internet to avoid the processing of web pages with malicious content. \n\nThe Tomcat related vulnerabilities are exposed to the SONAS management and service IP addresses only, but not to the public IP addresses which are used for NAS data access. It is recommended that the management and service IP addresses will be attached to a management network only.\n\nCVE-2012-4859 is not directly exploitable on SONAS, because SONAS does not provide a capability to logon as native Unix or Linux user.\n\nCVE-2012-5954 impacts only SONAS systems, which are configured with TSM HSM.\n\n \n \n \n**REFERENCES: **\n\n * [__Complete CVSS Guide__](<http://www.first.org/cvss/v2/guide>)\n * [__On-line Calculator V2__](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * [_TSM 6.3.1.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg21615292>)\n \n[_CVE-2012-4859_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4859>) \n[_CVE-2012-5954_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5954>)\n * [_RHSA-2012-0128_](<https://rhn.redhat.com/errata/RHSA-2012-0128.html>)\n \n[_CVE-2011-3639_](<https://www.redhat.com/security/data/cve/CVE-2011-3639.html>) \n[_CVE-2011-4317_](<https://www.redhat.com/security/data/cve/CVE-2011-4317.html>) \n[_CVE-2012-0053_](<file:///C:/Users/ADMINI~1.IMG/AppData/Local/Temp/notesC9812B/CVE-2012-0053>)\n * [_Apache Tomcat 6.0.33_](<http://tomcat.apache.org/security-6.html>)\n \n[_CVE-2011-1184_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n[_CVE-2011-2204_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204>) \n[_CVE-2011-2526_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \n\n * [_Apache Tomcat 6.0.35_](<http://tomcat.apache.org/security-6.html>)\n \n[_CVE-2011-3190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n[_CVE-2011-3375_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375>) \n[_CVE-2012-0022_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>) \n\n * [_IBM Java 6.0.0 SR12_](<https://www.ibm.com/developerworks/java/jdk/alerts/>)\n \n[_CVE-2012-5081_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081>) \n\n * [_RHSA-2012-0143_](<https://rhn.redhat.com/errata/RHSA-2012-0143.html>)\n \n[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \n\n * [_RHSA-2012-0317_](<https://rhn.redhat.com/errata/RHSA-2012-0317.html>)\n \n[_CVE-2011-3026_](<https://www.redhat.com/security/data/cve/CVE-2011-3026.html>) \n\n * [_RHSA-2012-1210_](<https://rhn.redhat.com/errata/RHSA-2012-1210.html>)\n \n[_CVE-2012-1970_](<https://www.redhat.com/security/data/cve/CVE-2012-1970.html>) \n[_CVE-2012-1972_](<https://www.redhat.com/security/data/cve/CVE-2012-1972.html>) \n[_CVE-2012-1973_](<https://www.redhat.com/security/data/cve/CVE-2012-1973.html>) \n[_CVE-2012-1974_](<https://www.redhat.com/security/data/cve/CVE-2012-1974.html>) \n[_CVE-2012-1975_](<https://www.redhat.com/security/data/cve/CVE-2012-1975.html>) \n[_CVE-2012-1976_](<https://www.redhat.com/security/data/cve/CVE-2012-1976.html>) \n[_CVE-2012-3956_](<https://www.redhat.com/security/data/cve/CVE-2012-3956.html>) \n[_CVE-2012-3957_](<https://www.redhat.com/security/data/cve/CVE-2012-3957.html>) \n[_CVE-2012-3958_](<https://www.redhat.com/security/data/cve/CVE-2012-3958.html>) \n[_CVE-2012-3959_](<https://www.redhat.com/security/data/cve/CVE-2012-3959.html>) \n[_CVE-2012-3960_](<https://www.redhat.com/security/data/cve/CVE-2012-3960.html>) \n[_CVE-2012-3961_](<https://www.redhat.com/security/data/cve/CVE-2012-3961.html>) \n[_CVE-2012-3962_](<https://www.redhat.com/security/data/cve/CVE-2012-3962.html>) \n[_CVE-2012-3963_](<https://www.redhat.com/security/data/cve/CVE-2012-3963.html>) \n[_CVE-2012-3964_](<https://www.redhat.com/security/data/cve/CVE-2012-3964.html>) \n[_CVE-2012-3966_](<https://www.redhat.com/security/data/cve/CVE-2012-3966.html>) \n[_CVE-2012-3967_](<https://www.redhat.com/security/data/cve/CVE-2012-3967.html>) \n[_CVE-2012-3968_](<https://www.redhat.com/security/data/cve/CVE-2012-3968.html>) \n[_CVE-2012-3969_](<https://www.redhat.com/security/data/cve/CVE-2012-3969.html>) \n[_CVE-2012-3970_](<https://www.redhat.com/security/data/cve/CVE-2012-3970.html>) \n[_CVE-2012-3972_](<https://www.redhat.com/security/data/cve/CVE-2012-3972.html>) \n[_CVE-2012-3976_](<https://www.redhat.com/security/data/cve/CVE-2012-3976.html>) \n[_CVE-2012-3978_](<https://www.redhat.com/security/data/cve/CVE-2012-3978.html>) \n[_CVE-2012-3980_](<https://www.redhat.com/security/data/cve/CVE-2012-3980.html>)\n * [_RHSA-2012-1350_](<https://rhn.redhat.com/errata/RHSA-2012-1350.html>)\n \n[_CVE-2012-1956_](<https://www.redhat.com/security/data/cve/CVE-2012-1956.html>) \n[_CVE-2012-3982_](<https://www.redhat.com/security/data/cve/CVE-2012-3982.html>) \n[_CVE-2012-3986_](<https://www.redhat.com/security/data/cve/CVE-2012-3986.html>) \n[_CVE-2012-3988_](<https://www.redhat.com/security/data/cve/CVE-2012-3988.html>) \n[_CVE-2012-3990_](<https://www.redhat.com/security/data/cve/CVE-2012-3990.html>) \n[_CVE-2012-3991_](<https://www.redhat.com/security/data/cve/CVE-2012-3991.html>) \n[_CVE-2012-3992_](<https://www.redhat.com/security/data/cve/CVE-2012-3992.html>) \n[_CVE-2012-3993_](<https://www.redhat.com/security/data/cve/CVE-2012-3993.html>) \n[_CVE-2012-3994_](<https://www.redhat.com/security/data/cve/CVE-2012-3994.html>) \n[_CVE-2012-3995_](<https://www.redhat.com/security/data/cve/CVE-2012-3995.html>) \n[_CVE-2012-4179_](<https://www.redhat.com/security/data/cve/CVE-2012-4179.html>) \n[_CVE-2012-4180_](<https://www.redhat.com/security/data/cve/CVE-2012-4180.html>) \n[_CVE-2012-4181_](<https://www.redhat.com/security/data/cve/CVE-2012-4181.html>) \n[_CVE-2012-4182_](<https://www.redhat.com/security/data/cve/CVE-2012-4182.html>) \n[_CVE-2012-4183_](<https://www.redhat.com/security/data/cve/CVE-2012-4183.html>) \n[_CVE-2012-4184_](<https://www.redhat.com/security/data/cve/CVE-2012-4184.html>) \n[_CVE-2012-4185_](<https://www.redhat.com/security/data/cve/CVE-2012-4185.html>) \n[_CVE-2012-4186_](<https://www.redhat.com/security/data/cve/CVE-2012-4186.html>) \n[_CVE-2012-4187_](<https://www.redhat.com/security/data/cve/CVE-2012-4187.html>) \n[_CVE-2012-4188_](<https://www.redhat.com/security/data/cve/CVE-2012-4188.html>) \n\n * [_RHSA-2012-1361_](<https://rhn.redhat.com/errata/RHSA-2012-1361.html>)\n \n[_CVE-2012-4193_](<https://www.redhat.com/security/data/cve/CVE-2012-4193.html>) \n\n * [_RHSA-2012-1407_](<https://rhn.redhat.com/errata/RHSA-2012-1407.html>)\n \n[_CVE-2012-4194_](<https://www.redhat.com/security/data/cve/CVE-2012-4194.html>) \n[_CVE-2012-4195_](<https://www.redhat.com/security/data/cve/CVE-2012-4195.html>) \n[_CVE-2012-4196_](<https://www.redhat.com/security/data/cve/CVE-2012-4196.html>) \n\n * [_RHSA-2012-1482_](<https://rhn.redhat.com/errata/RHSA-2012-1482.html>)\n \n[_CVE-2012-4201_](<https://www.redhat.com/security/data/cve/CVE-2012-4201.html>) \n[_CVE-2012-4202_](<https://www.redhat.com/security/data/cve/CVE-2012-4202.html>) \n[_CVE-2012-4207_](<https://www.redhat.com/security/data/cve/CVE-2012-4207.html>) \n[_CVE-2012-4209_](<https://www.redhat.com/security/data/cve/CVE-2012-4209.html>) \n[_CVE-2012-4210_](<https://www.redhat.com/security/data/cve/CVE-2012-4210.html>) \n[_CVE-2012-4214_](<https://www.redhat.com/security/data/cve/CVE-2012-4214.html>) \n[_CVE-2012-4215_](<https://www.redhat.com/security/data/cve/CVE-2012-4215.html>) \n[_CVE-2012-4216_](<https://www.redhat.com/security/data/cve/CVE-2012-4216.html>) \n[_CVE-2012-5829_](<https://www.redhat.com/security/data/cve/CVE-2012-5829.html>) \n[_CVE-2012-5830_](<https://www.redhat.com/security/data/cve/CVE-2012-5830.html>) \n[_CVE-2012-5833_](<https://www.redhat.com/security/data/cve/CVE-2012-5833.html>) \n[_CVE-2012-5835_](<https://www.redhat.com/security/data/cve/CVE-2012-5835.html>) \n[_CVE-2012-5839_](<https://www.redhat.com/security/data/cve/CVE-2012-5839.html>) \n[_CVE-2012-5840_](<https://www.redhat.com/security/data/cve/CVE-2012-5840.html>) \n[_CVE-2012-5841_](<https://www.redhat.com/security/data/cve/CVE-2012-5841.html>) \n[_CVE-2012-5842_](<https://www.redhat.com/security/data/cve/CVE-2012-5842.html>)\n * [](<https://rhn.redhat.com/errata/RHSA-2012-1482.html>)[](<https://rhn.redhat.com/errata/RHSA-2012-1361.html>)[_RHSA-2012-0699_](<https://rhn.redhat.com/errata/RHSA-2012-0699.html>)\n \n[_CVE-2012-2333_](<https://www.redhat.com/security/data/cve/CVE-2012-2333.html>)\n * [_RHSA-2012-0518_](<https://rhn.redhat.com/errata/RHSA-2012-0518.html>)\n \n[_CVE-2012-2110_](<https://www.redhat.com/security/data/cve/CVE-2012-2110.html>)\n * [_RHSA-2012-0426_](<https://rhn.redhat.com/errata/RHSA-2012-0426.html>)\n \n[_CVE-2012-0884_](<https://www.redhat.com/security/data/cve/CVE-2012-0884.html>) \n[_CVE-2012-1165_](<https://www.redhat.com/security/data/cve/CVE-2012-1165.html>) \n**RELATED INFORMATION: ** \n\n\n * [_IBM Secure Engineering Web Portal_](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>)\n * [_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>)\n \n \n \n**CHANGE HISTORY: ** \n\n\n * _28/03/2013__: Original copy published._\n * _03/04/2013__: Restructured the document as per new guidelines._\n * _30/01/2014__: Restructured the document_\n\n_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"STAV45\",\"label\":\"Network Attached Storage (NAS)-\\u003EScale Out Network Attached Storage\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"1.3.2\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-26T04:23:14", "type": "ibm", "title": "Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3026", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-3639", "CVE-2011-4317", "CVE-2012-0022", "CVE-2012-0053", "CVE-2012-0884", "CVE-2012-1165", "CVE-2012-1956", "CVE-2012-1970", "CVE-2012-1972", "CVE-2012-1973", "CVE-2012-1974", "CVE-2012-1975", "CVE-2012-1976", "CVE-2012-2110", "CVE-2012-2333", "CVE-2012-3956", "CVE-2012-3957", "CVE-2012-3958", "CVE-2012-3959", "CVE-2012-3960", "CVE-2012-3961", "CVE-2012-3962", "CVE-2012-3963", "CVE-2012-3964", "CVE-2012-3966", "CVE-2012-3967", "CVE-2012-3968", "CVE-2012-3969", "CVE-2012-3970", "CVE-2012-3972", "CVE-2012-3976", "CVE-2012-3978", "CVE-2012-3980", "CVE-2012-3982", "CVE-2012-3986", "CVE-2012-3988", "CVE-2012-3990", "CVE-2012-3991", "CVE-2012-3992", "CVE-2012-3993", "CVE-2012-3994", "CVE-2012-3995", "CVE-2012-4179", "CVE-2012-4180", "CVE-2012-4181", "CVE-2012-4182", "CVE-2012-4183", "CVE-2012-4184", "CVE-2012-4185", "CVE-2012-4186", "CVE-2012-4187", "CVE-2012-4188", "CVE-2012-4193", "CVE-2012-4194", "CVE-2012-4195", "CVE-2012-4196", "CVE-2012-4201", "CVE-2012-4202", "CVE-2012-4207", "CVE-2012-4209", "CVE-2012-4210", "CVE-2012-4214", "CVE-2012-4215", "CVE-2012-4216", "CVE-2012-4859", "CVE-2012-5081", "CVE-2012-5829", "CVE-2012-5830", "CVE-2012-5833", "CVE-2012-5835", "CVE-2012-5839", "CVE-2012-5840", "CVE-2012-5841", "CVE-2012-5842", "CVE-2012-5954"], "modified": "2022-09-26T04:23:14", "id": "52BFEC965C91FFF9EB67268FE505ABA82DAD2FDA3420E0AE67F8478C590BB2EA", "href": "https://www.ibm.com/support/pages/node/689121", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-22T00:04:24", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2401-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 02, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 \n CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 \n CVE-2011-5064 CVE-2012-0022 \n\nSeveral vulnerabilities have been found in Tomcat, a servlet and JSP \nengine:\n\nCVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n\n The HTTP Digest Access Authentication implementation performed\n insufficient countermeasures against replay attacks.\n\nCVE-2011-2204\n\n In rare setups passwords were written into a logfile.\n\nCVE-2011-2526\n \n Missing input sanisiting in the HTTP APR or HTTP NIO connectors\n could lead to denial of service.\n\nCVE-2011-3190\n\n AJP requests could be spoofed in some setups.\n\nCVE-2011-3375\n\n Incorrect request caching could lead to information disclosure.\n\nCVE-2011-4858 CVE-2012-0022\n\n This update adds countermeasures against a collision denial of \n service vulnerability in the Java hashtable implementation and\n addresses denial of service potentials when processing large\n amounts of requests.\n\nAdditional information can be \nfound at http://tomcat.apache.org/security-6.html \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-02-02T19:29:50", "type": "debian", "title": "[SECURITY] [DSA 2401-1] tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2012-02-02T19:29:50", "id": "DEBIAN:DSA-2401-1:5C59D", "href": "https://lists.debian.org/debian-security-announce/2012/msg00025.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2021-06-08T18:38:42", "description": "a. VMware Tools Display Driver Privilege Escalation \nThe VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. \nVMware would like to thank Tarjei Mandt for reporting theses issues to us. \nThe Common Vulnerabilities and Exposures project ([cve.mitre.org](<http://www.cve.mitre.org>)) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. \nNote: CVE-2012-1509 doesn't affect ESXi and ESX. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "cvss3": {}, "published": "2012-03-15T00:00:00", "type": "vmware", "title": "VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1510", "CVE-2012-1514", "CVE-2012-1508", "CVE-2012-0022", "CVE-2012-1509", "CVE-2010-0405", "CVE-2012-1513", "CVE-2011-3375", "CVE-2012-1512", "CVE-2011-3190"], "modified": "2012-12-20T00:00:00", "id": "VMSA-2012-0005", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0005.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-19T20:02:43", "description": "a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting theses issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 doesn't affect ESXi and ESX. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.", "cvss3": {}, "published": "2012-03-15T00:00:00", "type": "vmware", "title": "VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0405", "CVE-2011-3190", "CVE-2011-3375", "CVE-2012-0022", "CVE-2012-1508", "CVE-2012-1509", "CVE-2012-1510", "CVE-2012-1512", "CVE-2012-1513", "CVE-2012-1514"], "modified": "2012-12-20T00:00:00", "id": "VMSA-2012-0005.4", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0005.4.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:12:44", "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server\u2019s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.35\"\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.23\"", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 4.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2012-06-24T00:00:00", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2016-03-20T00:00:00", "id": "GLSA-201206-24", "href": "https://security.gentoo.org/glsa/201206-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2021-06-08T18:45:00", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 86 new security fixes across the product families listed below.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "edition": 1, "cvss3": {}, "published": "2013-01-15T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - January 2013", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0376", "CVE-2013-0362", "CVE-2013-0385", "CVE-2013-0355", "CVE-2012-1678", "CVE-2013-0371", "CVE-2012-1680", "CVE-2013-0394", "CVE-2013-0393", "CVE-2012-3220", "CVE-2013-0378", "CVE-2013-0379", "CVE-2012-5611", "CVE-2013-0386", "CVE-2012-0022", "CVE-2013-0374", "CVE-2012-4414", "CVE-2012-0574", "CVE-2013-0357", "CVE-2013-0353", "CVE-2012-5096", "CVE-2013-0359", "CVE-2013-0420", "CVE-2011-5035", "CVE-2013-0361", "CVE-2012-1705", "CVE-2013-0418", "CVE-2013-0358", "CVE-2012-3169", "CVE-2013-0390", "CVE-2012-3168", "CVE-2013-0392", "CVE-2013-0382", "CVE-2013-0381", "CVE-2013-0377", "CVE-2013-0395", "CVE-2012-1677", "CVE-2013-0383", "CVE-2013-0399", "CVE-2013-0352", "CVE-2013-0368", "CVE-2013-0389", "CVE-2012-3172", "CVE-2013-0354", "CVE-2012-5060", "CVE-2013-0375", "CVE-2012-5097", "CVE-2012-3170", "CVE-2013-0396", "CVE-2012-1702", "CVE-2012-3190", "CVE-2013-0364", "CVE-2013-0367", "CVE-2013-0388", "CVE-2013-0363", "CVE-2012-1701", "CVE-2013-0415", "CVE-2013-0407", "CVE-2013-0366", "CVE-2013-0387", "CVE-2012-0569", "CVE-2013-0370", "CVE-2012-3219", "CVE-2013-0365", "CVE-2012-1755", "CVE-2013-0380", "CVE-2013-0373", "CVE-2012-0572", "CVE-2012-3192", "CVE-2013-0391", "CVE-2012-3178", "CVE-2012-0578", "CVE-2012-5062", "CVE-2012-1700", "CVE-2013-0369", "CVE-2012-3218", "CVE-2013-0400", "CVE-2013-0372", "CVE-2012-5059", "CVE-2013-0356", "CVE-2013-0360", "CVE-2013-0417", "CVE-2013-0397", "CVE-2012-5612", "CVE-2013-0384", "CVE-2013-0414"], "modified": "2013-05-13T00:00:00", "id": "ORACLE:CPUJAN2013-1515902", "href": "https://www.oracle.com/security-alerts/cpujan2013.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
Fixed in Apache Tomcat 5.5.35
