DATABASE RESOURCES PRICING ABOUT US

{"id": "UB:CVE-2020-13943", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2020-13943", "description": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7,\n9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of\nconcurrent streams for a connection (in violation of the HTTP/2 protocol),\nit was possible that a subsequent request made on that connection could\ncontain HTTP headers - including HTTP/2 pseudo headers - from a previous\nrequest rather than the intended headers. This could lead to users seeing\nresponses for unexpected resources.", "published": "2020-10-12T00:00:00", "modified": "2020-10-12T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://ubuntu.com/security/CVE-2020-13943", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943", "https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b ", "https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a ", "https://lists.apache.org/thread.html/r4a390027eb27e4550142fac6c8317cc684b157ae314d31514747f307%40%3Cannounce.tomcat.apache.org%3E", "https://nvd.nist.gov/vuln/detail/CVE-2020-13943", "https://launchpad.net/bugs/cve/CVE-2020-13943", "https://security-tracker.debian.org/tracker/CVE-2020-13943"], "cvelist": ["CVE-2020-13943"], "immutableFields": [], "lastseen": "2021-11-22T21:24:38", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-72609", "ATLASSIAN:JRASERVER-72706", "JRASERVER-72609", "JRASERVER-72706"]}, {"type": "cisa", "idList": ["CISA:B47E8667695B59F24286931C39664E52"]}, {"type": "cve", "idList": ["CVE-2020-13943"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2407-1:84753", "DEBIAN:DLA-2407-1:CBAA5", "DEBIAN:DSA-4835-1:22674"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-13943"]}, {"type": "f5", "idList": ["F5:K31573032"]}, {"type": "github", "idList": ["GHSA-F268-65QC-98VG"]}, {"type": "ibm", "idList": ["C53D3C47BD4A155045F99C1E4CBF677182A1008DEB57811C876885F82676C572", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C"]}, {"type": "kaspersky", "idList": ["KLA12085"]}, {"type": "nessus", "idList": ["701332.PASL", "DEBIAN_DLA-2407.NASL", "DEBIAN_DSA-4835.NASL", "EULEROS_SA-2020-2324.NASL", "OPENSUSE-2020-1799.NASL", "OPENSUSE-2020-1842.NASL", "ORACLE_RDBMS_CPU_APR_2021.NASL", "PHOTONOS_PHSA-2020-1_0-0338_APACHE.NASL", "PHOTONOS_PHSA-2020-2_0-0295_APACHE.NASL", "PHOTONOS_PHSA-2020-3_0-0161_APACHE.NASL", "REDHAT-RHSA-2021-0494.NASL", "TOMCAT_10_0_0_M8.NASL", "TOMCAT_9_0_38.NASL", "WEB_APPLICATION_SCANNING_112627", "WEB_APPLICATION_SCANNING_112628", "WEB_APPLICATION_SCANNING_112629"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021"]}, {"type": "photon", "idList": ["PHSA-2020-0161", "PHSA-2020-0295", "PHSA-2020-0338", "PHSA-2020-1.0-0338", "PHSA-2020-2.0-0295", "PHSA-2020-3.0-0161"]}, {"type": "redhat", "idList": ["RHSA-2021:0494", "RHSA-2021:0495", "RHSA-2021:4012", "RHSA-2021:5134"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-13943"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1799-1", "OPENSUSE-SU-2020:1842-1"]}, {"type": "symantec", "idList": ["SMNTC-17650"]}, {"type": "tomcat", "idList": ["TOMCAT:909935A4BEB7C54CD1FA804D13CDD890", "TOMCAT:E79D9E905E19211D175E5D0226367AEA", "TOMCAT:F0049A2F4586A81E86FFD36E3616FCA3"]}], "rev": 4}, "score": {"value": 5.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-72609", "ATLASSIAN:JRASERVER-72706"]}, {"type": "cisa", "idList": ["CISA:B47E8667695B59F24286931C39664E52"]}, {"type": "cve", "idList": ["CVE-2020-13943"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2407-1:84753"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-13943"]}, {"type": "f5", "idList": ["F5:K31573032"]}, {"type": "github", "idList": ["GHSA-F268-65QC-98VG"]}, {"type": "ibm", "idList": ["C53D3C47BD4A155045F99C1E4CBF677182A1008DEB57811C876885F82676C572", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C"]}, {"type": "kaspersky", "idList": ["KLA12085"]}, {"type": "nessus", "idList": ["701332.PASL", "DEBIAN_DLA-2407.NASL", "ORACLE_RDBMS_CPU_APR_2021.NASL", "PHOTONOS_PHSA-2020-3_0-0161_APACHE.NASL", "REDHAT-RHSA-2021-0494.NASL", "TOMCAT_9_0_38.NASL", "WEB_APPLICATION_SCANNING_112627", "WEB_APPLICATION_SCANNING_112628", "WEB_APPLICATION_SCANNING_112629"]}, {"type": "photon", "idList": ["PHSA-2020-0295", "PHSA-2020-1.0-0338", "PHSA-2020-2.0-0295", "PHSA-2020-3.0-0161"]}, {"type": "redhat", "idList": ["RHSA-2021:0494"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-13943"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1799-1"]}, {"type": "symantec", "idList": ["SMNTC-17650"]}, {"type": "tomcat", "idList": ["TOMCAT:909935A4BEB7C54CD1FA804D13CDD890"]}]}, "exploitation": null, "vulnersScore": 5.0}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "tomcat8"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "9.0.38-1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "tomcat9"}], "bugs": [], "_state": {"dependencies": 1647589307, "score": 0}}

{"cisa": [{"lastseen": "2021-02-24T18:06:39", "description": "The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. \n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Apache Security Advisory for [CVE-2020-13943](<http://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3C2b767c6e-dcb9-5816-bd69-a3bc0771fef3%40apache.org%3E>) and upgrade to the appropriate version.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/10/14/apache-releases-security-updates-apache-tomcat>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-10-14T00:00:00", "type": "cisa", "title": "Apache Releases Security Updates for Apache Tomcat", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-10-15T00:00:00", "id": "CISA:B47E8667695B59F24286931C39664E52", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/10/14/apache-releases-security-updates-apache-tomcat", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-08-19T12:03:17", "description": "The version of Apache Tomcat installed on the remote host is < 10.0.0-M8. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.0.0-m8_security-10 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Apache Tomcat < 10.0.0-M8 Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2021-04-14T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "701332.PASL", "href": "https://www.tenable.com/plugins/nnm/701332", "sourceData": "Binary data 701332.pasl", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-01-15T14:02:46", "description": "The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57. It is, therefore, affected by a vulnerability. If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This can lead to users seeing responses for unexpected resources.\n\nNote that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "Apache Tomcat 9.0.0.M1 < 9.0.38 Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112628", "href": "https://www.tenable.com/plugins/was/112628", "sourceData": "No source data", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-02-19T00:52:05", "description": "This update for tomcat fixes the following issues :\n\n - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2020-1842)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2020-11-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1842.NASL", "href": "https://www.tenable.com/plugins/nessus/142550", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1842.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142550);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/20\");\n\n script_cve_id(\"CVE-2020-13943\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2020-1842)\");\n script_summary(english:\"Check for the openSUSE-2020-1842 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for tomcat fixes the following issues :\n\n - CVE-2020-13943: Fixed HTTP/2 Request mix-up\n (bsc#1177582)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177582\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13943\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-admin-webapps-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-docs-webapp-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-el-3_0-api-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-embed-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-javadoc-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-jsp-2_3-api-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-jsvc-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-lib-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-servlet-4_0-api-9.0.36-lp151.3.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tomcat-webapps-9.0.36-lp151.3.33.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-04-11T21:18:39", "description": "The version of Tomcat installed on the remote host is prior to 10.0.0.M8. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.0.0-m8_security-10 advisory.\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2021-06-21T00:00:00", "type": "nessus", "title": "Apache Tomcat 10.0.0.M1 < 10.0.0.M8 vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_10_0_0_M8.NASL", "href": "https://www.tenable.com/plugins/nessus/150935", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150935);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2020-13943\");\n script_xref(name:\"IAVA\", value:\"2020-A-0465-S\");\n\n script_name(english:\"Apache Tomcat 10.0.0.M1 < 10.0.0.M8 vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 10.0.0.M8. It is, therefore, affected by a vulnerability\nas referenced in the fixed_in_apache_tomcat_10.0.0-m8_security-10 advisory.\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to\n 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the\n HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP\n headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This\n could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/apache/tomcat/commit/1bbc650cbc3f08d85a1ec6d803c47ae53a84f3bb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61a1bb5c\");\n # https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae2cfc7f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 10.0.0.M8 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '10.0.0.M8', min:'10.0.0.M1', severity:SECURITY_WARNING, granularity_regex: \"^(10(\\.0(\\.0)?)?)$\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-02-19T00:56:02", "description": "This update for tomcat fixes the following issues :\n\n - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2020-1799)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1799.NASL", "href": "https://www.tenable.com/plugins/nessus/142186", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1799.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142186);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-13943\");\n script_xref(name:\"IAVA\", value:\"2020-A-0465-S\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2020-1799)\");\n script_summary(english:\"Check for the openSUSE-2020-1799 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for tomcat fixes the following issues :\n\n - CVE-2020-13943: Fixed HTTP/2 Request mix-up\n (bsc#1177582)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177582\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13943\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-admin-webapps-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-docs-webapp-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-el-3_0-api-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-embed-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-javadoc-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-jsp-2_3-api-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-jsvc-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-lib-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-servlet-4_0-api-9.0.36-lp152.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-webapps-9.0.36-lp152.2.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:11:37", "description": "According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.(CVE-2020-13943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-2324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2324.NASL", "href": "https://www.tenable.com/plugins/nessus/142170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142170);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-13943\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0465-S\");\n\n script_name(english:\"EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-2324)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - If an HTTP/2 client connecting to Apache Tomcat\n 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to\n 8.5.57 exceeded the agreed maximum number of concurrent\n streams for a connection (in violation of the HTTP/2\n protocol), it was possible that a subsequent request\n made on that connection could contain HTTP headers -\n including HTTP/2 pseudo headers - from a previous\n request rather than the intended headers. This could\n lead to users seeing responses for unexpected\n resources.(CVE-2020-13943)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2324\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?13e84c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13943\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-9.0.10-1.h10.eulerosv2r8\",\n \"tomcat-admin-webapps-9.0.10-1.h10.eulerosv2r8\",\n \"tomcat-el-3.0-api-9.0.10-1.h10.eulerosv2r8\",\n \"tomcat-jsp-2.3-api-9.0.10-1.h10.eulerosv2r8\",\n \"tomcat-lib-9.0.10-1.h10.eulerosv2r8\",\n \"tomcat-servlet-4.0-api-9.0.10-1.h10.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:12:00", "description": "It was discovered that there was an issue in Apache Tomcat 8, the Java application server. An excessive number of concurrent streams could have resulted in users seeing responses for unexpected resources.\n\nFor Debian 9 'Stretch', this problem has been fixed in version 8.5.54-0+deb9u4.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFor the detailed security status of tomcat8 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat8\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-15T00:00:00", "type": "nessus", "title": "Debian DLA-2407-1 : tomcat8 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.1-java", "p-cpe:/a:debian:debian_linux:libservlet3.1-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat8-embed-java", "p-cpe:/a:debian:debian_linux:libtomcat8-java", "p-cpe:/a:debian:debian_linux:tomcat8", "p-cpe:/a:debian:debian_linux:tomcat8-admin", "p-cpe:/a:debian:debian_linux:tomcat8-common", "p-cpe:/a:debian:debian_linux:tomcat8-docs", "p-cpe:/a:debian:debian_linux:tomcat8-examples", "p-cpe:/a:debian:debian_linux:tomcat8-user", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2407.NASL", "href": "https://www.tenable.com/plugins/nessus/141466", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2407-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141466);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-13943\");\n script_xref(name:\"IAVA\", value:\"2020-A-0465-S\");\n\n script_name(english:\"Debian DLA-2407-1 : tomcat8 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there was an issue in Apache Tomcat 8, the Java\napplication server. An excessive number of concurrent streams could\nhave resulted in users seeing responses for unexpected resources.\n\nFor Debian 9 'Stretch', this problem has been fixed in version\n8.5.54-0+deb9u4.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFor the detailed security status of tomcat8 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat8\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/tomcat8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.1-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.1-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat8-embed-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat8-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libservlet3.1-java\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtomcat8-embed-java\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtomcat8-java\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-admin\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-common\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-docs\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-examples\", reference:\"8.5.54-0+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tomcat8-user\", reference:\"8.5.54-0+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:02:46", "description": "The version of Tomcat installed on the remote host is 8.5.x prior to 8.5.58 or 9.0.x prior to 9.0.38. It is, therefore, affected by a vulnerability. If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This can lead to users seeing responses for unexpected resources.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.58 / 9.0.x < 9.0.38 HTTP/2 Request Mix-Up", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_9_0_38.NASL", "href": "https://www.tenable.com/plugins/nessus/141446", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141446);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2020-13943\");\n script_xref(name:\"IAVA\", value:\"2020-A-0465-S\");\n\n script_name(english:\"Apache Tomcat 8.5.x < 8.5.58 / 9.0.x < 9.0.38 HTTP/2 Request Mix-Up\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is 8.5.x prior to 8.5.58 or 9.0.x prior to 9.0.38. It is, therefore,\naffected by a vulnerability. If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a\nconnection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could\ncontain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This\ncan lead to users seeing responses for unexpected resources.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0656cf04\");\n # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.38\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?771617a1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.5.58, 9.0.38 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(\n fixed:make_list(\"8.5.58\", \"9.0.38\"),\n severity:SECURITY_WARNING,\n granularity_regex:\"^(8(\\.5)?|9(\\.0)?)$\"\n);\n\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-01-15T14:02:58", "description": "The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57. It is, therefore, affected by a vulnerability. If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This can lead to users seeing responses for unexpected resources.\n\nNote that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.58 Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112629", "href": "https://www.tenable.com/plugins/was/112629", "sourceData": "No source data", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:10:05", "description": "An update of the apache package has been released.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Apache PHSA-2020-1.0-0338", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2020-11-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0338_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/143063", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0338. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143063);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-13943\");\n\n script_name(english:\"Photon OS 1.0: Apache PHSA-2020-1.0-0338\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-338.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', reference:'apache-tomcat-8.5.51-5.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache');\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:10:44", "description": "An update of the apache package has been released.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Apache PHSA-2020-2.0-0295", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2020-11-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0295_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/142985", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0295. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142985);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\"CVE-2020-13943\");\n\n script_name(english:\"Photon OS 2.0: Apache PHSA-2020-2.0-0295\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-295.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', reference:'apache-tomcat-8.5.51-5.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache');\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:12:12", "description": "An update of the apache package has been released.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Apache PHSA-2020-3.0-0161", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2020-11-12T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:apache", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0161_APACHE.NASL", "href": "https://www.tenable.com/plugins/nessus/142655", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0161. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142655);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/12\");\n\n script_cve_id(\"CVE-2020-13943\");\n\n script_name(english:\"Photon OS 3.0: Apache PHSA-2020-3.0-0161\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the apache package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-161.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', reference:'apache-tomcat-8.5.51-5.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache');\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-01-15T14:02:57", "description": "The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57. It is, therefore, affected by a vulnerability. If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This can lead to users seeing responses for unexpected resources.\n\nNote that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "Apache Tomcat 10.0.0-M1 < 10.0.0-M8 Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112627", "href": "https://www.tenable.com/plugins/was/112627", "sourceData": "No source data", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T14:52:41", "description": "Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "Debian DSA-4835-1 : tomcat9 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943", "CVE-2020-17527"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat9", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4835.NASL", "href": "https://www.tenable.com/plugins/nessus/145386", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4835. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145386);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-13943\", \"CVE-2020-17527\");\n script_xref(name:\"DSA\", value:\"4835\");\n\n script_name(english:\"Debian DSA-4835-1 : tomcat9 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Two vulnerabilities were discovered in the Tomcat servlet and JSP\nengine, which could result in information disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/tomcat9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/tomcat9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4835\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the tomcat9 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 9.0.31-1~deb10u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libtomcat9-embed-java\", reference:\"9.0.31-1~deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libtomcat9-java\", reference:\"9.0.31-1~deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9\", reference:\"9.0.31-1~deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-admin\", reference:\"9.0.31-1~deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-common\", reference:\"9.0.31-1~deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-docs\", reference:\"9.0.31-1~deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-examples\", reference:\"9.0.31-1~deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"tomcat9-user\", reference:\"9.0.31-1~deb10u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-07T01:37:34", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0494 advisory.\n\n - tomcat: Apache Tomcat HTTP/2 Request mix-up (CVE-2020-13943)\n\n - tomcat: HTTP/2 request header mix-up (CVE-2020-17527)\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\n - tomcat: Information disclosure when using NTFS file system (CVE-2021-24122)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Web Server 5.4.1 Security Update (Moderate) (RHSA-2021:0494)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1971", "CVE-2020-13943", "CVE-2020-17527", "CVE-2021-24122"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-el-3.0-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-selinux", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-servlet-4.0-api", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-webapps"], "id": "REDHAT-RHSA-2021-0494.NASL", "href": "https://www.tenable.com/plugins/nessus/146431", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0494. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146431);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2020-1971\",\n \"CVE-2020-13943\",\n \"CVE-2020-17527\",\n \"CVE-2021-24122\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0494\");\n script_xref(name:\"IAVA\", value:\"2021-A-0038\");\n script_xref(name:\"IAVA\", value:\"2020-A-0566-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0328\");\n script_xref(name:\"IAVA\", value:\"2020-A-0465-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0570-S\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Web Server 5.4.1 Security Update (Moderate) (RHSA-2021:0494)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0494 advisory.\n\n - tomcat: Apache Tomcat HTTP/2 Request mix-up (CVE-2020-13943)\n\n - tomcat: HTTP/2 request header mix-up (CVE-2020-17527)\n\n - openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\n - tomcat: Information disclosure when using NTFS file system (CVE-2021-24122)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-17527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-24122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1887648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903409\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1904221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1917209\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-servlet-4.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-webapps\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'jboss_enterprise_web_server_5_4_el7': [\n 'jws-5-for-rhel-7-server-debug-rpms',\n 'jws-5-for-rhel-7-server-rpms',\n 'jws-5-for-rhel-7-server-source-rpms'\n ],\n 'jboss_enterprise_web_server_5_4_el8': [\n 'jws-5-for-rhel-8-x86_64-debug-rpms',\n 'jws-5-for-rhel-8-x86_64-rpms',\n 'jws-5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'jws5-tomcat-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-admin-webapps-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-docs-webapp-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-el-3.0-api-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-javadoc-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-jsp-2.3-api-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-lib-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-native-1.2.25-3.redhat_3.el7jws', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-selinux-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-servlet-4.0-api-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']},\n {'reference':'jws5-tomcat-webapps-9.0.36-9.redhat_8.1.el7jws', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jws5-tomcat / jws5-tomcat-admin-webapps / jws5-tomcat-docs-webapp / etc');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-15T16:59:23", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5360-1 advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)\n\n - Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. (CVE-2020-9494)\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\n - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. (CVE-2020-17527)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\n - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. (CVE-2021-30640)\n\n - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;\n and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.\n (CVE-2021-33037)\n\n - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.\n (CVE-2021-41079)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Tomcat vulnerabilities (USN-5360-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13943", "CVE-2020-17527", "CVE-2020-9484", "CVE-2020-9494", "CVE-2021-25122", "CVE-2021-25329", "CVE-2021-30640", "CVE-2021-33037", "CVE-2021-41079"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libtomcat9-embed-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat9-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat9", "p-cpe:/a:canonical:ubuntu_linux:tomcat9-admin", "p-cpe:/a:canonical:ubuntu_linux:tomcat9-common", "p-cpe:/a:canonical:ubuntu_linux:tomcat9-examples", "p-cpe:/a:canonical:ubuntu_linux:tomcat9-user"], "id": "UBUNTU_USN-5360-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159385", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5360-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159385);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-9484\",\n \"CVE-2020-9494\",\n \"CVE-2020-13943\",\n \"CVE-2020-17527\",\n \"CVE-2021-25122\",\n \"CVE-2021-25329\",\n \"CVE-2021-30640\",\n \"CVE-2021-33037\",\n \"CVE-2021-41079\"\n );\n script_xref(name:\"USN\", value:\"5360-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0470\");\n script_xref(name:\"IAVA\", value:\"2020-A-0225-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2020-A-0465-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0570-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0194-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0114-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0347\");\n script_xref(name:\"IAVA\", value:\"2021-A-0483\");\n script_xref(name:\"IAVA\", value:\"2021-A-0303-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0486-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Tomcat vulnerabilities (USN-5360-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5360-1 advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to\n 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the\n server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is\n configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)\n or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by FileStore to the file the attacker has\n control over; then, using a specifically crafted request, the attacker will be able to trigger remote code\n execution via deserialization of the file under their control. Note that all of conditions a) to d) must\n be true for the attack to succeed. (CVE-2020-9484)\n\n - Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types\n of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the\n thread. (CVE-2020-9494)\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to\n 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the\n HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP\n headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This\n could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\n - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to\n 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on\n an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely\n lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak\n between requests. (CVE-2020-17527)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one\n request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be\n used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published\n prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to\n this issue. (CVE-2021-25329)\n\n - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of\n a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue\n affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. (CVE-2021-30640)\n\n - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP\n transfer-encoding request header in some circumstances leading to the possibility to request smuggling\n when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if\n the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;\n and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.\n (CVE-2021-33037)\n\n - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate\n incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially\n crafted packet could be used to trigger an infinite loop resulting in a denial of service.\n (CVE-2021-41079)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5360-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30640\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-25122\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat9-embed-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat9-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat9-user\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022 Canonical, Inc. / NASL script (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('ubuntu.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'libtomcat9-embed-java', 'pkgver': '9.0.16-3ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'libtomcat9-java', 'pkgver': '9.0.16-3ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'tomcat9', 'pkgver': '9.0.16-3ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'tomcat9-admin', 'pkgver': '9.0.16-3ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'tomcat9-common', 'pkgver': '9.0.16-3ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'tomcat9-examples', 'pkgver': '9.0.16-3ubuntu0.18.04.2'},\n {'osver': '18.04', 'pkgname': 'tomcat9-user', 'pkgver': '9.0.16-3ubuntu0.18.04.2'},\n {'osver': '20.04', 'pkgname': 'libtomcat9-embed-java', 'pkgver': '9.0.31-1ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'libtomcat9-java', 'pkgver': '9.0.31-1ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'tomcat9', 'pkgver': '9.0.31-1ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'tomcat9-admin', 'pkgver': '9.0.31-1ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'tomcat9-common', 'pkgver': '9.0.31-1ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'tomcat9-examples', 'pkgver': '9.0.31-1ubuntu0.2'},\n {'osver': '20.04', 'pkgname': 'tomcat9-user', 'pkgver': '9.0.31-1ubuntu0.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtomcat9-embed-java / libtomcat9-java / tomcat9 / tomcat9-admin / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-16T14:59:50", "description": "The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory. \n\n - Vulnerability in the Oracle Database - Enterprise Edition Security (Dell BSAFE Micro Edition Suite) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Database - Enterprise Edition Security (Dell BSAFE Micro Edition Suite). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database - Enterprise Edition Security (Dell BSAFE Micro Edition Suite) (CVE-2020-5360).\n\n - Vulnerability in the Workload Manager (Apache Tomcat) component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Workload Manager (Apache Tomcat). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Workload Manager (Apache Tomcat) accessible data (CVE-2020-17527).\n\n - Vulnerability in the Oracle Database - Enterprise Edition (Dell BSAFE Crypto-J) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Database - Enterprise Edition (Dell BSAFE Crypto-J). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Database - Enterprise Edition (Dell BSAFE Crypto-J) accessible data (CVE-2019-3740). \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-04-21T00:00:00", "type": "nessus", "title": "Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11358", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-13943", "CVE-2020-17527", "CVE-2020-5359", "CVE-2020-5360", "CVE-2020-7760", "CVE-2020-9484", "CVE-2021-2173", "CVE-2021-2175", "CVE-2021-2207", "CVE-2021-2234", "CVE-2021-2245"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_APR_2021.NASL", "href": "https://www.tenable.com/plugins/nessus/148894", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148894);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-3738\",\n \"CVE-2019-3739\",\n \"CVE-2019-3740\",\n \"CVE-2019-11358\",\n \"CVE-2020-5359\",\n \"CVE-2020-5360\",\n \"CVE-2020-7760\",\n \"CVE-2020-9484\",\n \"CVE-2020-11022\",\n \"CVE-2020-11023\",\n \"CVE-2020-13943\",\n \"CVE-2020-17527\",\n \"CVE-2021-2173\",\n \"CVE-2021-2175\",\n \"CVE-2021-2207\",\n \"CVE-2021-2234\",\n \"CVE-2021-2245\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0194-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0330-S\");\n\n script_name(english:\"Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is running a database server which is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as\nreferenced in the April 2021 CPU advisory. \n\n - Vulnerability in the Oracle Database - Enterprise Edition Security (Dell BSAFE Micro Edition Suite) \n component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c\n and 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via \n multiple protocols to compromise Oracle Database - Enterprise Edition Security (Dell BSAFE Micro Edition Suite). \n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently \n repeatable crash (complete DOS) of Oracle Database - Enterprise Edition Security (Dell BSAFE Micro Edition Suite) \n (CVE-2020-5360).\n\n - Vulnerability in the Workload Manager (Apache Tomcat) component of Oracle Database Server. Supported versions \n that are affected are 18c and 19c. Easily exploitable vulnerability allows unauthenticated attacker with network \n access via HTTP to compromise Workload Manager (Apache Tomcat). Successful attacks of this vulnerability can \n result in unauthorized access to critical data or complete access to all Workload Manager (Apache Tomcat) \n accessible data (CVE-2020-17527).\n\n - Vulnerability in the Oracle Database - Enterprise Edition (Dell BSAFE Crypto-J) component of Oracle Database \n Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Database - Enterprise \n Edition (Dell BSAFE Crypto-J). Successful attacks require human interaction from a person other than the attacker. \n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to \n all Oracle Database - Enterprise Edition (Dell BSAFE Crypto-J) accessible data (CVE-2019-3740). \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuapr2021cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2021 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5359\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17527\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\napp_info = vcf::oracle_rdbms::get_app_info();\n\nconstraints = [\n # RDBMS:\n {'min_version': '19.0', 'fixed_version': '19.9.2.0.210420', 'missing_patch':'32421507', 'os':'unix', 'component':'db'},\n {'min_version': '19.0', 'fixed_version': '19.11.0.0.210420', 'missing_patch':'32409154', 'os':'win', 'component':'db'},\n {'min_version': '19.10', 'fixed_version': '19.10.1.0.210420', 'missing_patch':'32441092', 'os':'unix', 'component':'db'},\n {'min_version': '19.11', 'fixed_version': '19.11.0.0.210420', 'missing_patch':'32545013', 'os':'unix', 'component':'db'},\n \n {'min_version': '18.0', 'fixed_version': '18.12.2.0.210420', 'missing_patch':'32421478', 'os':'unix', 'component':'db'},\n {'min_version': '18.0', 'fixed_version': '18.14.0.0.210420', 'missing_patch':'32438481', 'os':'win', 'component':'db'},\n {'min_version': '18.13', 'fixed_version': '18.13.1.0.210420', 'missing_patch':'32451079', 'os':'unix', 'component':'db'},\n {'min_version': '18.14', 'fixed_version': '18.14.0.0.210420', 'missing_patch':'32524155', 'os':'unix', 'component':'db'},\n \n {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.210420', 'missing_patch':'32507738', 'os':'unix', 'component':'db'},\n {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.210420', 'missing_patch':'32392089', 'os':'win', 'component':'db'},\n\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.210420', 'missing_patch':'32328635, 32328632', 'os':'unix', 'component':'db'},\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.210420', 'missing_patch':'32396181', 'os':'win', 'component':'db'},\n \n # OJVM:\n {'min_version': '19.0', 'fixed_version': '19.11.0.0.210420', 'missing_patch':'32399816', 'os':'unix', 'component':'ojvm'},\n {'min_version': '19.0', 'fixed_version': '19.11.0.0.210420', 'missing_patch':'32399816', 'os':'win', 'component':'ojvm'},\n\n {'min_version': '18.0', 'fixed_version': '18.14.0.0.210420', 'missing_patch':'32552752', 'os':'unix', 'component':'ojvm'},\n {'min_version': '18.0', 'fixed_version': '18.14.0.0.210420', 'missing_patch':'32552752', 'os':'win', 'component':'ojvm'},\n\n {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.210420', 'missing_patch':'32473172', 'os':'unix', 'component':'ojvm'},\n {'min_version': '12.2.0.1.0', 'fixed_version': '12.2.0.1.210420', 'missing_patch':'32427674', 'os':'win', 'component':'ojvm'},\n\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.210420', 'missing_patch':'32473164', 'os':'unix', 'component':'ojvm'},\n {'min_version': '12.1.0.2.0', 'fixed_version': '12.1.0.2.210420', 'missing_patch':'32427683', 'os':'win', 'component':'ojvm'}\n \n];\n\nvcf::oracle_rdbms::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "kaspersky": [{"lastseen": "2021-08-18T10:58:08", "description": "### *Detect date*:\n09/15/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nA security UI vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to spoof user interface.\n\n### *Affected products*:\nApache Tomcat 8.5.x earlier than 8.5.58 \nApache Tomcat 9.x earlier than 9.0.38\n\n### *Solution*:\nUpdate to the latest version \n[Tomcat 8.5 Software Downloads](<https://tomcat.apache.org/download-80.cgi>) \n[Tomcat 9 Software Downloads](<https://tomcat.apache.org/download-90.cgi>)\n\n### *Original advisories*:\n[Apache Tomcat 8.5.x vulnerabilities](<http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.58>) \n[Apache Tomcat 9.x vulnerabilities](<http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.38>) \n\n\n### *Impacts*:\nSUI \n\n### *Related products*:\n[Apache Tomcat](<https://threats.kaspersky.com/en/product/Apache-Tomcat/>)\n\n### *CVE-IDS*:\n[CVE-2020-13943](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943>)4.0Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-09-15T00:00:00", "type": "kaspersky", "title": "KLA12085 SUI vulnerability in Apache Tomcat", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2021-02-16T00:00:00", "id": "KLA12085", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12085/", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2022-06-08T08:05:18", "description": "A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. The highest threat from this vulnerability is to data confidentiality.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-10-13T20:19:36", "type": "redhatcve", "title": "CVE-2020-13943", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2022-06-08T07:30:19", "id": "RH:CVE-2020-13943", "href": "https://access.redhat.com/security/cve/cve-2020-13943", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources (CVE-2020-13943). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-10-29T22:25:06", "type": "mageia", "title": "Updated tomcat packages fix a security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-10-29T22:25:06", "id": "MGASA-2020-0397", "href": "https://advisories.mageia.org/MGASA-2020-0397.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2022-04-18T12:40:55", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for tomcat fixes the following issues:\n\n - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582)\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1799=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-11-01T00:00:00", "type": "suse", "title": "Security update for tomcat (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-11-01T00:00:00", "id": "OPENSUSE-SU-2020:1799-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4R6SGGLLSOWWSBNVPTFE4HEM6542AMI5/", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-06-23T18:00:34", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for tomcat fixes the following issues:\n\n - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1842=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-11-05T00:00:00", "type": "suse", "title": "Security update for tomcat (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-11-05T00:00:00", "id": "OPENSUSE-SU-2020:1842-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5AUBSMXMEYUIFU7NFNEUGM4PNZHW5RBO/", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-10-22T10:55:14", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2407-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nOctober 14, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : tomcat8\nVersion : 8.5.54-0+deb9u4\nCVE ID : CVE-2020-13943\n\nIt was discovered that there was an issue in Apache Tomcat 8, the\nJava application server. An excessive number of concurrent streams\ncould have resulted in users seeing responses for unexpected\nresources.\n\nFor Debian 9 &quot;Stretch&quot;, this problem has been fixed in version\n8.5.54-0+deb9u4.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFor the detailed security status of tomcat8 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat8\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-10-14T12:05:03", "type": "debian", "title": "[SECURITY] [DLA 2407-1] tomcat8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-10-14T12:05:03", "id": "DEBIAN:DLA-2407-1:CBAA5", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-12-03T03:00:05", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2407-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nOctober 14, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : tomcat8\nVersion : 8.5.54-0+deb9u4\nCVE ID : CVE-2020-13943\n\nIt was discovered that there was an issue in Apache Tomcat 8, the\nJava application server. An excessive number of concurrent streams\ncould have resulted in users seeing responses for unexpected\nresources.\n\nFor Debian 9 &quot;Stretch&quot;, this problem has been fixed in version\n8.5.54-0+deb9u4.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFor the detailed security status of tomcat8 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat8\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-10-14T12:05:03", "type": "debian", "title": "[SECURITY] [DLA 2407-1] tomcat8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-10-14T12:05:03", "id": "DEBIAN:DLA-2407-1:84753", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00019.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-02-16T11:28:03", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4835-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 22, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat9\nCVE ID : CVE-2020-13943 CVE-2020-17527\n\nTwo vulnerabilities were discovered in the Tomcat servlet and JSP\nengine, which could result in information disclosure.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 9.0.31-1~deb10u3.\n\nWe recommend that you upgrade your tomcat9 packages.\n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-22T18:48:45", "type": "debian", "title": "[SECURITY] [DSA 4835-1] tomcat9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-17527"], "modified": "2021-01-22T18:48:45", "id": "DEBIAN:DSA-4835-1:22674", "href": "https://lists.debian.org/debian-security-announce/2021/msg00014.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2022-02-01T00:00:00", "description": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. ([CVE-2020-13943](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-10-20T16:44:00", "type": "f5", "title": "Tomcat vulnerability CVE-2020-13943", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-10-20T16:44:00", "id": "F5:K31573032", "href": "https://support.f5.com/csp/article/K31573032", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "tomcat": [{"lastseen": "2021-12-30T15:23:01", "description": "**Moderate: HTTP/2 request mix-up** [CVE-2020-13943](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943>)\n\nIf an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.\n\nThis was fixed with commit [55911430](<https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b>).\n\nThis issue was identified by the Apache Tomcat Security team on 23 July 2020\\. The issue was made public on 12 October 2020.\n\nAffects: 9.0.0.M1 to 9.0.37", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-09-15T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 9.0.38", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-09-15T00:00:00", "id": "TOMCAT:909935A4BEB7C54CD1FA804D13CDD890", "href": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.38", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-12-30T15:23:01", "description": "**Moderate: HTTP/2 request mix-up** [CVE-2020-13943](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943>)\n\nIf an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.\n\nThis was fixed with commit [1bbc650c](<https://github.com/apache/tomcat/commit/1bbc650cbc3f08d85a1ec6d803c47ae53a84f3bb>).\n\nThis issue was identified by the Apache Tomcat Security team on 23 July 2020\\. The issue was made public on 12 October 2020.\n\nAffects: 10.0.0-M1 to 10.0.0-M7", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-09-14T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 10.0.0-M8", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-09-14T00:00:00", "id": "TOMCAT:E79D9E905E19211D175E5D0226367AEA", "href": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M8", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-12-30T15:23:01", "description": "**Moderate: HTTP/2 request mix-up** [CVE-2020-13943](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943>)\n\nIf an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.\n\nThis was fixed with commit [9d7def06](<https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a>).\n\nThis issue was identified by the Apache Tomcat Security team on 23 July 2020\\. The issue was made public on 12 October 2020.\n\nAffects: 8.5.0 to 8.5.57", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-09-15T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 8.5.58", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-09-15T00:00:00", "id": "TOMCAT:F0049A2F4586A81E86FFD36E3616FCA3", "href": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.58", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:59:38", "description": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-10-12T14:15:00", "type": "cve", "title": "CVE-2020-13943", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2021-06-14T18:15:00", "cpe": ["cpe:/a:apache:tomcat:9.0.37", "cpe:/a:apache:tomcat:9.0.14", "cpe:/a:apache:tomcat:8.5.5", "cpe:/a:apache:tomcat:8.5.4", "cpe:/a:apache:tomcat:8.5.40", "cpe:/a:apache:tomcat:8.5.11", "cpe:/a:apache:tomcat:8.5.10", "cpe:/a:apache:tomcat:8.5.20", "cpe:/a:apache:tomcat:9.0.35", "cpe:/a:apache:tomcat:8.5.1", "cpe:/a:apache:tomcat:9.0.36", "cpe:/a:apache:tomcat:8.5.31", "cpe:/a:apache:tomcat:9.0.6", "cpe:/a:apache:tomcat:8.5.33", "cpe:/a:apache:tomcat:9.0.20", "cpe:/a:apache:tomcat:8.5.18", "cpe:/a:apache:tomcat:8.5.30", "cpe:/a:apache:tomcat:8.5.9", "cpe:/a:apache:tomcat:9.0.8", "cpe:/a:apache:tomcat:8.5.6", "cpe:/a:apache:tomcat:9.0.2", "cpe:/a:apache:tomcat:8.5.53", "cpe:/a:apache:tomcat:8.5.13", "cpe:/a:apache:tomcat:9.0.27", "cpe:/a:apache:tomcat:8.5.51", "cpe:/a:apache:tomcat:8.5.0", "cpe:/a:apache:tomcat:8.5.36", "cpe:/a:apache:tomcat:8.5.29", "cpe:/a:apache:tomcat:8.5.24", "cpe:/a:apache:tomcat:9.0.26", "cpe:/a:apache:tomcat:8.5.12", "cpe:/a:apache:tomcat:8.5.22", "cpe:/a:apache:tomcat:8.5.27", "cpe:/a:apache:tomcat:9.0.18", "cpe:/a:apache:tomcat:9.0.0", "cpe:/a:apache:tomcat:9.0.22", "cpe:/a:apache:tomcat:9.0.28", "cpe:/a:apache:tomcat:8.5.8", "cpe:/a:apache:tomcat:9.0.32", "cpe:/a:apache:tomcat:9.0.33", "cpe:/a:apache:tomcat:9.0.13", "cpe:/a:apache:tomcat:8.5.35", "cpe:/a:apache:tomcat:9.0.19", "cpe:/a:apache:tomcat:8.5.54", "cpe:/a:apache:tomcat:8.5.3", "cpe:/a:apache:tomcat:9.0.1", "cpe:/a:apache:tomcat:8.5.42", "cpe:/a:apache:tomcat:8.5.16", "cpe:/a:apache:tomcat:9.0.16", "cpe:/a:apache:tomcat:9.0.31", "cpe:/a:apache:tomcat:8.5.38", "cpe:/a:apache:tomcat:8.5.15", "cpe:/a:apache:tomcat:8.5.34", "cpe:/a:apache:tomcat:9.0.5", "cpe:/a:apache:tomcat:8.5.23", "cpe:/a:apache:tomcat:9.0.17", "cpe:/a:apache:tomcat:8.5.55", "cpe:/a:apache:tomcat:9.0.30", "cpe:/a:apache:tomcat:9.0.25", "cpe:/a:apache:tomcat:8.5.50", "cpe:/a:apache:tomcat:8.5.46", "cpe:/a:apache:tomcat:8.5.48", "cpe:/a:apache:tomcat:9.0.15", "cpe:/a:apache:tomcat:8.5.2", "cpe:/a:apache:tomcat:8.5.32", "cpe:/a:apache:tomcat:10.0.0", "cpe:/a:apache:tomcat:8.5.17", "cpe:/a:apache:tomcat:8.5.28", "cpe:/a:apache:tomcat:8.5.43", "cpe:/a:apache:tomcat:9.0.21", "cpe:/a:apache:tomcat:9.0.3", "cpe:/a:apache:tomcat:8.5.25", "cpe:/a:apache:tomcat:9.0.23", "cpe:/a:apache:tomcat:9.0.11", "cpe:/a:apache:tomcat:8.5.41", "cpe:/a:apache:tomcat:9.0.29", "cpe:/a:apache:tomcat:9.0.9", "cpe:/a:apache:tomcat:8.5.21", "cpe:/a:apache:tomcat:8.5.44", "cpe:/a:apache:tomcat:8.5.26", "cpe:/a:apache:tomcat:8.5.14", "cpe:/a:apache:tomcat:8.5.57", "cpe:/a:apache:tomcat:9.0.10", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:apache:tomcat:9.0.4", "cpe:/a:apache:tomcat:8.5.7", "cpe:/a:apache:tomcat:8.5.49", "cpe:/a:apache:tomcat:9.0.7", "cpe:/a:apache:tomcat:8.5.39", "cpe:/a:apache:tomcat:8.5.37", "cpe:/a:apache:tomcat:8.5.45", "cpe:/a:apache:tomcat:8.5.56", "cpe:/a:apache:tomcat:8.5.52", "cpe:/a:apache:tomcat:8.5.19", "cpe:/a:apache:tomcat:8.5.47", "cpe:/a:apache:tomcat:9.0.34", "cpe:/a:apache:tomcat:9.0.24", "cpe:/a:apache:tomcat:9.0.12"], "id": "CVE-2020-13943", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13943", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:8.5.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.51:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.57:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*"]}], "atlassian": [{"lastseen": "2022-01-05T06:13:32", "description": "Affected versions of Atlassian Jira Server and Data Center\u00a0used versions of Apache Tomcat that were vulnerable to [CVE-2020-13943|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943].\r\n\r\nThe affected versions of Jira Server and Data Center are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.15.0.\r\n\r\n\u00a0\r\n\r\n*Affected versions:*\r\n * version < 8.5.14\r\n * 8.6.0 \u2264 version < 8.13.6\r\n * 8.14.0 \u2264 version < 8.15.0\r\n\r\n*Fixed versions:*\r\n * 8.5.14\r\n * 8.13.6\r\n * 8.15.0 \u00a0", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-08-16T03:40:01", "type": "atlassian", "title": "Jira is affected by Tomcat CVE-2020-13943", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2021-09-22T15:56:56", "id": "JRASERVER-72706", "href": "https://jira.atlassian.com/browse/JRASERVER-72706", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-09-22T16:42:23", "description": "Affected versions of Atlassian Jira Server and Data Center\u00a0used versions of Apache Tomcat that were vulnerable to [CVE-2020-13943|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943].\r\n\r\nThe affected versions of Jira Server and Data Center are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.15.0.\r\n\r\n\u00a0\r\n\r\n*Affected versions:*\r\n * version < 8.5.14\r\n * 8.6.0 \u2264 version < 8.13.6\r\n * 8.14.0 \u2264 version < 8.15.0\r\n\r\n*Fixed versions:*\r\n * 8.5.14\r\n * 8.13.6\r\n * 8.15.0 \u00a0", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-08-16T03:40:01", "type": "atlassian", "title": "Jira is affected by Tomcat CVE-2020-13943", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2021-09-22T15:56:56", "id": "ATLASSIAN:JRASERVER-72706", "href": "https://jira.atlassian.com/browse/JRASERVER-72706", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-12-13T00:44:46", "description": "h3. Issue Summary\r\n\r\nThe recently disclosed vulnerability regarding Apache Tomcat\r\n * [CVE-2021-33037|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037], [CVE-2021-33037|https://nvd.nist.gov/vuln/detail/CVE-2021-33037] (Base Score: 5.3 MEDIUM)\r\n * [CVE-2021-42340|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340] (NVD score not yet provided.)\r\n{quote}The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\r\n{quote}\r\n\r\naffects the following versions:\r\n * Apache Tomcat 10.0.0-M1 to 10.0.6\r\n * Apache Tomcat 9.0.0.M1 to 9.0.53\r\n * Apache Tomcat 8.5.60 to 8.5.71\r\n\r\nWe should bundle a more recent version of Tomcat so that Jira is not affected by this in the future.\r\nCurrent bundled version of Tomcat *8.5.68*\r\nh3. Steps to Reproduce\r\n * Check the CVE reports:\r\n ** [CVE-2021-33037|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037]\r\n\r\nh3. Expected Results\r\n * Not applicable.\r\n\r\nh3. Actual Results\r\n * Not applicable.\r\n\r\nh3. Workaround\r\n * Manually upgrade Tomcat according to our [documentation|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-used-by-jira-879957866.html].\r\n\r\nh3. Note on fix\r\n\r\nJira 8.21.0 is shipped with Apache Tomcat 8.5.72", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.2}, "published": "2021-07-14T11:35:20", "type": "atlassian", "title": "Upgrade the bundled version of Apache Tomcat to 8.5.68 or later", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25122", "CVE-2020-13943", "CVE-2021-30640", "CVE-2021-33037", "CVE-2021-25329", "CVE-2021-42340"], "modified": "2021-12-12T23:55:45", "id": "ATLASSIAN:JRASERVER-72609", "href": "https://jira.atlassian.com/browse/JRASERVER-72609", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-10T00:00:00", "description": "h3. Issue Summary\r\n\r\nThe recently disclosed vulnerability regarding Apache Tomcat\r\n * [CVE-2021-33037|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037], [CVE-2021-33037|https://nvd.nist.gov/vuln/detail/CVE-2021-33037] (Base Score: 5.3 MEDIUM)\r\n * [CVE-2021-42340|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340] (NVD score not yet provided.)\r\n{quote}The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.\r\n{quote}\r\n\r\naffects the following versions:\r\n * Apache Tomcat 10.0.0-M1 to 10.0.6\r\n * Apache Tomcat 9.0.0.M1 to 9.0.53\r\n * Apache Tomcat 8.5.60 to 8.5.71\r\n\r\nWe should bundle a more recent version of Tomcat so that Jira is not affected by this in the future.\r\nCurrent bundled version of Tomcat *8.5.68*\r\nh3. Steps to Reproduce\r\n * Check the CVE reports:\r\n ** [CVE-2021-33037|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037]\r\n\r\nh3. Expected Results\r\n * Not applicable.\r\n\r\nh3. Actual Results\r\n * Not applicable.\r\n\r\nh3. Workaround\r\n * Manually upgrade Tomcat according to our [documentation|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-used-by-jira-879957866.html].\r\n\r\nh3. Note on fix\r\n\r\nJira 8.21.0 is shipped with Apache Tomcat 8.5.72", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-07-14T11:35:20", "type": "atlassian", "title": "Upgrade the bundled version of Apache Tomcat to 8.5.68 or later", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2021-25122", "CVE-2021-25329", "CVE-2021-30640", "CVE-2021-33037", "CVE-2021-42340"], "modified": "2022-01-31T19:24:54", "id": "JRASERVER-72609", "href": "https://jira.atlassian.com/browse/JRASERVER-72609", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "osv": [{"lastseen": "2022-06-10T04:57:27", "description": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-02-09T23:03:53", "type": "osv", "title": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2022-06-10T02:17:17", "id": "OSV:GHSA-F268-65QC-98VG", "href": "https://osv.dev/vulnerability/GHSA-f268-65qc-98vg", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2022-06-26T14:37:16", "description": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-10-12T14:15:00", "type": "debiancve", "title": "CVE-2020-13943", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2020-10-12T14:15:00", "id": "DEBIANCVE:CVE-2020-13943", "href": "https://security-tracker.debian.org/tracker/CVE-2020-13943", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "github": [{"lastseen": "2022-04-15T14:32:07", "description": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-02-09T23:03:53", "type": "github", "title": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943"], "modified": "2022-02-09T23:04:16", "id": "GHSA-F268-65QC-98VG", "href": "https://github.com/advisories/GHSA-f268-65qc-98vg", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2021-11-22T18:42:21", "description": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.4.9 serves as a replacement for Red Hat support for Spring Boot 2.3.10 and includes security, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat HTTP/2 Request mix-up (CVE-2020-13943)\n\n* tomcat: HTTP/2 request header mix-up (CVE-2020-17527)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-10-28T07:47:56", "type": "redhat", "title": "(RHSA-2021:4012) Moderate: Red Hat support for Spring Boot 2.4.9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-17527"], "modified": "2021-10-28T07:48:42", "id": "RHSA-2021:4012", "href": "https://access.redhat.com/errata/RHSA-2021:4012", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:39:21", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.4.1 serves as a replacement for Red Hat JBoss Web Server 5.4.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat HTTP/2 Request mix-up (CVE-2020-13943)\n* tomcat: HTTP/2 request header mix-up (CVE-2020-17527)\n* tomcat: Information disclosure when using NTFS file system (CVE-2021-24122)\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-11T13:46:15", "type": "redhat", "title": "(RHSA-2021:0495) Moderate: Red Hat JBoss Web Server 5.4.1 Security Update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-17527", "CVE-2020-1971", "CVE-2021-24122"], "modified": "2021-02-11T13:47:03", "id": "RHSA-2021:0495", "href": "https://access.redhat.com/errata/RHSA-2021:0495", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:37:39", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.4.1 serves as a replacement for Red Hat JBoss Web Server 5.4.0, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat HTTP/2 Request mix-up (CVE-2020-13943)\n* tomcat: HTTP/2 request header mix-up (CVE-2020-17527)\n* tomcat: Information disclosure when using NTFS file system (CVE-2021-24122)\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-11T13:39:58", "type": "redhat", "title": "(RHSA-2021:0494) Moderate: Red Hat JBoss Web Server 5.4.1 Security Update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-17527", "CVE-2020-1971", "CVE-2021-24122"], "modified": "2021-02-11T13:46:01", "id": "RHSA-2021:0494", "href": "https://access.redhat.com/errata/RHSA-2021:0494", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-14T22:39:33", "description": "This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core (CVE-2020-9488, CVE-2021-44228)\n\n* nodejs-lodash (CVE-2019-10744)\n\n* libthrift (CVE-2020-13949)\n\n* xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351)\n\n* undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690)\n\n* xmlbeans (CVE-2021-23926)\n\n* batik (CVE-2020-11987)\n\n* xmlgraphics-commons (CVE-2020-11988)\n\n* tomcat (CVE-2020-13943)\n\n* bouncycastle (CVE-2020-15522, CVE-2020-15522)\n\n* groovy (CVE-2020-17521)\n\n* tomcat (CVE-2020-17527)\n\n* jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428)\n\n* jackson-dataformat-cbor (CVE-2020-28491)\n\n* jboss-remoting (CVE-2020-35510)\n\n* kubernetes-client (CVE-2021-20218)\n\n* netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)\n\n* spring-web (CVE-2021-22118)\n\n* cxf-core (CVE-2021-22696)\n\n* json-smart (CVE-2021-27568)\n\n* jakarta.el (CVE-2021-28170)\n\n* commons-io (CVE-2021-29425)\n\n* sshd-core (CVE-2021-30129)\n\n* cxf-rt-rs-json-basic (CVE-2021-30468)\n\n* netty-codec (CVE-2021-37136, CVE-2021-37137)\n\n* jsoup (CVE-2021-37714)\n\n* poi (CVE-2019-12415)\n\n* mysql-connector-java (CVE-2020-2875, CVE-2020-2934)\n\n* wildfly (CVE-2021-3536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-12-14T21:27:54", "type": "redhat", "title": "(RHSA-2021:5134) Critical: Red Hat Fuse 7.10.0 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10744", "CVE-2019-12415", "CVE-2020-11987", "CVE-2020-11988", "CVE-2020-13943", "CVE-2020-13949", "CVE-2020-15522", "CVE-2020-17521", "CVE-2020-17527", "CVE-2020-26217", "CVE-2020-26259", "CVE-2020-27218", "CVE-2020-27223", "CVE-2020-27782", "CVE-2020-28491", "CVE-2020-2875", "CVE-2020-2934", "CVE-2020-35510", "CVE-2020-9488", "CVE-2021-20218", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21341", "CVE-2021-21342", "CVE-2021-21343", "CVE-2021-21344", "CVE-2021-21345", "CVE-2021-21346", "CVE-2021-21347", "CVE-2021-21348", "CVE-2021-21349", "CVE-2021-21350", "CVE-2021-21351", "CVE-2021-21409", "CVE-2021-22118", "CVE-2021-22696", "CVE-2021-23926", "CVE-2021-27568", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28169", "CVE-2021-28170", "CVE-2021-29425", "CVE-2021-30129", "CVE-2021-30468", "CVE-2021-34428", "CVE-2021-3536", "CVE-2021-3597", "CVE-2021-3629", "CVE-2021-3690", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-37714", "CVE-2021-44228"], "modified": "2021-12-14T21:28:27", "id": "RHSA-2021:5134", "href": "https://access.redhat.com/errata/RHSA-2021:5134", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "photon": [{"lastseen": "2022-05-12T18:46:44", "description": "Updates of ['apache-tomcat', 'python3'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-07T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0161", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-27619"], "modified": "2020-11-07T00:00:00", "id": "PHSA-2020-0161", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-161", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T17:58:58", "description": "An update of {'python3', 'apache-tomcat'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-07T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-3.0-0161", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-27619"], "modified": "2020-11-07T00:00:00", "id": "PHSA-2020-3.0-0161", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-161", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T20:57:36", "description": "An update of {'python3', 'apache-tomcat', 'linux-secure', 'ruby', 'linux-aws', 'pam_tacplus', 'linux-esx', 'linux'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0295", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-25613", "CVE-2020-25645", "CVE-2020-25704", "CVE-2020-27619", "CVE-2020-27743", "CVE-2020-8694"], "modified": "2020-11-12T00:00:00", "id": "PHSA-2020-2.0-0295", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-295", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-29T05:19:54", "description": "Updates of ['linux-aws', 'linux-secure', 'ruby', 'python3', 'linux-esx', 'linux', 'apache-tomcat', 'pam_tacplus'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-12T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0295", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-25613", "CVE-2020-25645", "CVE-2020-25704", "CVE-2020-27619", "CVE-2020-27743", "CVE-2020-8694"], "modified": "2020-11-12T00:00:00", "id": "PHSA-2020-0295", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-295", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T11:48:26", "description": "An update of {'python3', 'linux', 'linux-esx', 'pam_tacplus', 'mysql', 'ruby', 'apache-tomcat'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-17T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0338", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-14672", "CVE-2020-14760", "CVE-2020-14765", "CVE-2020-14769", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14793", "CVE-2020-14812", "CVE-2020-14827", "CVE-2020-14867", "CVE-2020-14869", "CVE-2020-25613", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25705", "CVE-2020-27619", "CVE-2020-27743", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2020-11-17T00:00:00", "id": "PHSA-2020-1.0-0338", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-338", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}, {"lastseen": "2022-05-12T17:59:11", "description": "Updates of ['python3', 'ruby', 'linux', 'apache-tomcat', 'linux-esx', 'mysql', 'pam_tacplus'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0338", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12351", "CVE-2020-12352", "CVE-2020-13943", "CVE-2020-14672", "CVE-2020-14760", "CVE-2020-14765", "CVE-2020-14769", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14793", "CVE-2020-14812", "CVE-2020-14827", "CVE-2020-14867", "CVE-2020-14869", "CVE-2020-25613", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25705", "CVE-2020-27619", "CVE-2020-27743", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-8694"], "modified": "2020-11-17T00:00:00", "id": "PHSA-2020-0338", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-338", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:C"}}], "ibm": [{"lastseen": "2022-06-28T22:09:44", "description": "## Summary\n\nMultiple Apache Tomcat vulnerabilities affect IBM Control Center. See vulnerability details for descriptions.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-9484](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484>) \n** DESCRIPTION: **Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when the server is configured to use the PersistenceManager with a FileStore. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182231](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182231>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184012>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13934](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after the upgrade to HTTP/2 in an h2c direct connection. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause OutOfMemoryException resulting in a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185239](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185239>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13943](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to see the responses for unexpected resources, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-17527](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the previous stream received on an HTTP/2 connection. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192612](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192612>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-24122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when serving resources from a network location using the NTFS file system. By sending a specially-crafted request, an attacker could exploit this vulnerability to view the source code for JSPs in some configurations, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Control Center| 6.2.0.0 \n \n\n\n## Remediation/Fixes\n\n**Product** | \n\n**VRMF**\n\n| \n\n**iFix**\n\n| \n\n**Remediation** \n \n---|---|---|--- \n \nIBM Control Center\n\n| \n\n6.2.0.0\n\n| \n\niFix08\n\n| \n\n[Fix Central - 6.2.0.0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Control+Center&release=6.2.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n13 May 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS9GLA\",\"label\":\"IBM Control Center\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"}],\"Version\":\"6.2.0.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-14T21:27:15", "type": "ibm", "title": "Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13943", "CVE-2020-17527", "CVE-2020-9484", "CVE-2021-24122"], "modified": "2021-05-14T21:27:15", "id": "C53D3C47BD4A155045F99C1E4CBF677182A1008DEB57811C876885F82676C572", "href": "https://www.ibm.com/support/pages/node/6453463", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:06:13", "description": "## Summary\n\nIBM Data Risk Manager has addressed the following vulnerabilities:\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14305>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by an out-of-bounds memory write flaw in how the Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192482](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192482>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10942](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10942>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by improper validation of an sk_family field by the get_raw_socket function in drivers/vhost/net.c. By sending specially-crafted system calls, a local attacker could exploit this vulnerability to cause a kernel stack corruption resulting in a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an issue with the vmx_check_intercept function not fully implemented by KVM on Intel processors. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive L1 resource information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-9383](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9383>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the set_fdc function in drivers/block/floppy.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2021-24122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when serving resources from a network location using the NTFS file system. By sending a specially-crafted request, an attacker could exploit this vulnerability to view the source code for JSPs in some configurations, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-25695](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25695>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when creating non-temporary objects in at least one schema. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL functions under the identity of a superuser. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191771](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191771>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-25694](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25694>) \n** DESCRIPTION: **PostgreSQL could allow a remote attacker to obtain sensitive information, caused by the use of clear-text transmissions when reusing the basic connection parameters while dropping security-relevant parameters. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191770>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-5412](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5412>) \n** DESCRIPTION: **Spring Cloud Netflix could allow a remote attacker to bypass security restrictions, caused by a flaw when using the Hystrix Dashboard proxy.stream endpoint. An attacker could exploit this vulnerability to send a request to other servers that should not be exposed publicly. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186504](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186504>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-11656](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11656>) \n** DESCRIPTION: **SQLite could allow a remote attacker to obtain sensitive information, caused by a use-after-free in the ALTER TABLE implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180285](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180285>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-11655](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11655>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by mishandling the AggInfo object's initialization. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180289](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180289>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-10754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10754>) \n** DESCRIPTION: **NetworkManager could allow a remote authenticated attacker to bypass security restrictions, caused by improper configuration in the nmcli. By connecting to a network, an attacker could exploit this vulnerability to bypass authentication. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-5411](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5411>) \n** DESCRIPTION: **VMware Spring Batch could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configured to enable default typing. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183336](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183336>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-25696](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25696>) \n** DESCRIPTION: **PostgreSQL could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the psql interactive terminal. If an interactive psql session uses \\gset when querying a compromised server, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192321](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192321>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-19768](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19768>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19338](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a Transaction Asynchronous Abort (TAA) h/w issue in KVM. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-19767](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19767>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __ext4_expand_extra_isize and ext4_xattr_set_entry functions in fs/ext4/inode.c and fs/ext4/super.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173054](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173054>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19332](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds memory write in KVM hypervisor. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173143](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173143>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19447](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19447>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the ext4_put_super function in fs/ext4/super.c. By using a specially-crafted image file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-5408](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, caused by the use of a fixed null initialization vector with CBC Mode. By using dictionary attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181969](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181969>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-5407](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5407>) \n** DESCRIPTION: **Spring Security could allow a remote attacker to bypass security restrictions, caused by a signature wrapping vulnerability during SAML response validation. An attacker could exploit this vulnerability to modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181939>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-13943](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13943>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to see the responses for unexpected resources, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-9327](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9327>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in isAuxiliaryVtabOperator. By generating column optimization, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176691](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176691>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-17527](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the previous stream received on an HTTP/2 connection. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192612](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192612>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-8647](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8647>) \n** DESCRIPTION: **Linux kernel could allow a remote attacker to obtain sensitive information, caused by a use-after-free in the vc_do_resize function of drivers/tty/vt/vt.c. An attacker could exploit this vulnerability to read memory that should not be available for access. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175842>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2020-8649](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8649>) \n** DESCRIPTION: **Linux kernel could allow a remote attacker to obtain sensitive information, caused by a use-after-free in the vgacon_invert_region function of drivers/video/console/vgacon.c. An attacker could exploit this vulnerability to read memory that should not be available for access. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175844](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175844>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14792](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14792>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190110](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190110>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-14797](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14797>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190115](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190115>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14779](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14779>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190097](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190097>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14796>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190114](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190114>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-12352](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12352>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by improper access control in the BlueZ implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189720](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189720>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-12351](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12351>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by improper input validation in the BlueZ implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189719](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189719>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-12770](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12770>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an issue with sg_write lacks an sg_remove_request call in a certain failure case. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181750](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181750>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-10693](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10693>) \n** DESCRIPTION: **Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass input sanitation controls when handling user-controlled data in error messages. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182240](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182240>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-11565](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11565>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a stack-based out-of-bounds write flaw in the mpol_parse_str function in mm/mempolicy.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10690](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10690>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the cdev_put function in the Precision Time Protocol (PTP). By removing a PTP device while chardev is open, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13934](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by not releasing the HTTP/1.1 processor after the upgrade to HTTP/2 in an h2c direct connection. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause OutOfMemoryException resulting in a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185239](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185239>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-5413](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5413>) \n** DESCRIPTION: **VMware Tanzu Spring Integration could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configuring Kryo in code. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186211](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186211>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10751](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10751>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with improper validation of first netlink message by the SELinux LSM hook implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow or deny the rest of the netlink messages within the skb with the granted permission without further processing. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-10732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10732>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the implementation of Userspace core dumps. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a program to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181554](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181554>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-18282](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18282>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a device tracking vulnerability in flow_dissector feature. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174716](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174716>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-14349](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14349>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary command on the system, caused by improper sanitization of search_path during logical replication. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary SQL command in the context of the user used for replication. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187185](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187185>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14350](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14350>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the failure to use search_path safely in their installation script. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary script. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-25212](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a TOCTOU mismatch in the NFS client code. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or corrupt memory. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188137](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188137>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-15358](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358>) \n** DESCRIPTION: **SQLite is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mishandling of query-flattener optimization in select.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24394](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24394>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by the lack of ACL support to the filesystems in fs/nfsd/vfs.c (in the NFS server). By sending a specially-crafted request, an attacker could exploit this vulnerability to set incorrect permissions on new filesystem objects. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-20636](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20636>) \n** DESCRIPTION: **Linux Linux could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the input_set_keycode function. By using a specially-crafted keycode table, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14331](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14331>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw in the implementation of the invert video code on VGA consoles. By sending a specially-crafted request to resize the console, an authenticated attacker could exploit this vulnerability to gain elevated privileges or crash the system. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185987>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11971](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11971>) \n** DESCRIPTION: **Apache Camel could allow a remote attacker to obtain sensitive information, caused by a rebind flaw in JMX. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181961](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181961>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-11973](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11973>) \n** DESCRIPTION: **Apache Camel could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Java application component in Netty. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181963](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181963>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-11972](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11972>) \n** DESCRIPTION: **Apache Camel could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Java application component in RabbitMQ. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181962](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181962>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-13435](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by flaw in the sqlite3ExprCodeTarget function in expr.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182406](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182406>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13434](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434>) \n** DESCRIPTION: **SQLite is vulnerable to a stack-based buffer overflow, caused by an integer overflow in the sqlite3_str_vappendf function. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10757>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw when mremap a mmaped DAX nvdimm to a mmaped anonymous memory region. By executing a specially-crafted program, a local attacker could exploit this vulnerability to cause corrupted page table resulting in a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-12826](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12826>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to bypass security restrictions, caused by a signal access-control issue in exec_id in include/linux/sched.h. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass checks to send any signal to a privileged process. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182113](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182113>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-1749](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1749>) \n** DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an error in the implementation of some ipv6 protocols in encrypted Ipsec tunnels. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to read the traffic unencrypted. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181872](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181872>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-14583](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185061](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185061>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14593](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185071](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185071>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14556](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185034](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185034>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-14581](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14581>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the 2D component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185059](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185059>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17639](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17639>) \n** DESCRIPTION: **Eclipse OpenJ9 could allow a remote attacker to obtain sensitive information, caused by the premature return of the current method with an undefined return value. By invoking the System.arraycopy method with a length longer than the length of the source or destination array can, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185437>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-13631](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631>) \n** DESCRIPTION: **SQLite could allow a remote attacker to bypass security restrictions, caused by a flaw in the alter.c and build.c. By sending a specially crafted request, an attacker could exploit this vulnerability to rename the virtual table to the name of one of its shadow tables. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-13632](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13632>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/fts3/fts3_snippet.c. By sending a specially crafted matchinfo() query, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182610](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182610>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13630](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a use-after-free in fts3EvalNextRow in ext/fts3/fts3.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182613](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182613>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-5421](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5421>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path parameter, an attacker could exploit this vulnerability to bypass RFD Protection. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188530>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14385](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14385>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a failure of the file system metadata validator in XFS. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the system to shutdown. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188394](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188394>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14314](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory out-of-bounds read flaw. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188395](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188395>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-25643](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25643>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory corruption and a read overflow flaws in the ppp_cp_parse_cr function in the HDLC_PPP module. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash or a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189415](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189415>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25638](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25638>) \n** DESCRIPTION: **Hibernate ORM is vulnerable to SQL injection, caused by misconfiguration for hibernate.use_sql_comments. A remote attacker could send specially-crafted SQL statements to view, add, modify or delete information in the back-end database. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2019-14895](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14895>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_process_country_ie function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c. By sending a specially-crafted beacon packet, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172101](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172101>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-17133](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the cfg80211_mgd_wext_giwessid functions in net/wireless/wext-sme.c. By sending an overly long long SSID IE, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168370](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168370>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18660](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660>) \n** DESCRIPTION: **Linux Kernel for PowerPC could allow a local authenticated attacker to obtain sensitive information, caused by the failure to activate the mitigation for Spectre-RSB on context switch. By using side channel attacks, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172297](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172297>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-19046](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19046>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-17666](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17666>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the rtl_p2p_noa_ie function in drivers/net/wireless/realtek/rtlwifi/ps.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169487](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169487>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-19062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the crypto_report() function in crypto/crypto_user_base.c. A remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171776>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-14901](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14901>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_process_tdls_action_frame function in marvell/mwifiex/tdls.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20907](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20907>) \n** DESCRIPTION: **Python is vulnerable to a denial of service, caused by a flaw in the tarfile module in Lib/tarfile.py. By persuading a victim to open a specially-craft a TAR archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DRM| 2.0.6 \n \n\n\n## Remediation/Fixes\n\nTo obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.6, and then apply the latest FixPack 2.0.6.7. The FixPack is not cumulative. So it must be applied on top of 2.0.6.6 in sequence.\n\n_Product_| _VRMF_| _APAR \n_| _Remediation / First Fix_ \n---|---|---|--- \nIBM Data Risk Manager| 2.0.6| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.1_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.4.1&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.2_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.1&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n5) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n7) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.1| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.2_Fixpack ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.1&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n4) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n6) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.2| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.3_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.2&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n3) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n5) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.3| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.4_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all> \"DRM_2.0.6.4_FixPack\" )\n\n2) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n4) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.4| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.5_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.3&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n3) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.5| \n\n- \n\n\n| \n\n1) Apply [DRM_2.0.6.6_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.5&platform=Linux&function=all>)\n\n2) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>) \n \nIBM Data Risk Manager| 2.0.6.6| \n\n- \n\n\n| \n\n1) Apply [DRM_2.0.6.7_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.6&platform=Linux&function=all>) \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 Jan 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSJQ6V\",\"label\":\"IBM Data Risk Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"2.0.6\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-02T05:06:51", "type": "ibm", "title": "Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14895", "CVE-2019-14901", "CVE-2019-17133", "CVE-2019-17639", "CVE-2019-17666", "CVE-2019-18282", "CVE-2019-18660", "CVE-2019-19046", "CVE-2019-19062", "CVE-2019-19332", "CVE-2019-19338", "CVE-2019-19447", "CVE-2019-19767", "CVE-2019-19768", "CVE-2019-20636", "CVE-2019-20907", "CVE-2020-10690", "CVE-2020-10693", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10754", "CVE-2020-10757", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13943", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14349", "CVE-2020-14350", "CVE-2020-14385", "CVE-2020-14556", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14581", "CVE-2020-14583", "CVE-2020-14593", "CVE-2020-14621", "CVE-2020-14779", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-15358", "CVE-2020-1749", "CVE-2020-17527", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25638", "CVE-2020-25643", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696", "CVE-2020-2590", "CVE-2020-2601", "CVE-2020-2732", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-5411", "CVE-2020-5412", "CVE-2020-5413", "CVE-2020-5421", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9327", "CVE-2020-9383", "CVE-2021-24122"], "modified": "2021-02-02T05:06:51", "id": "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "href": "https://www.ibm.com/support/pages/node/6410788", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2022-01-11T11:31:58", "description": "**Summary**\n\nSymantec Network and Information Security (NIS) products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker may be able to execute arbitrary code on the target server, observe HTTP responses for other users' requests, obtain JSP source code, or cause denial of service.\n\n**Affected Product(s)**\n\nThe following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.\n\n**Management Center (MC)** \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2020-13935 | 3.0 | Upgrade to later release with fixes. \n3.1, 3.2 | Remediation is not available at this time. \n \n** \nAdditional Product Information**\n\nThe following products are not vulnerable: \n**Advanced Secure Gateway (ASG) \nAuthConnector \nBCAAA \nContent Analysis (CA) \nGeneral Auth Connector Login Application \nPacketShaper S-Series \nPolicyCenter S-Series \nProxySG \nReporter \nSecurity Analytics \nSSL Visibility (SSLV) \n****Symantec Messaging Gateway (SMG) \nUnified Agent \nWeb Isolation \nWSS Agent** \n**WSS Mobile Agent**\n\nThe following products are under investigation:** \nHSM Agent**\n\n**Issue Details**\n\n**CVE-2020-9484** \n--- \n**Severity / CVSS v3.1:** | High / 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n**References:** | NVD: [CVE-2020-9484](<https://nvd.nist.gov/vuln/detail/CVE-2020-9484>) \n**Impact:** | Remote code execution \n**Description:** | A deserialization flaw allows a remote attacker to send crafted requests and execute arbitrary code on the target system. The attacker must have control over a file stored on the target system. \n \n \n\n**CVE-2020-11996** \n--- \n**Severity / CVSS v3.1:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2020-11996](<https://nvd.nist.gov/vuln/detail/CVE-2020-11996>) \n**Impact:** | Denial of service \n**Description:** | A flaw in HTTP/2 request handling allows a remote attacker to send crafted requests on concurrent HTTP/2 connections and cause denial of service through excessive CPU utilization. \n \n \n\n**CVE-2020-13934** \n--- \n**Severity / CVSS v3.1:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2020-13934](<https://nvd.nist.gov/vuln/detail/CVE-2020-13934>) \n**Impact:** | Denial of service \n**Description:** | A flaw in HTTP/1.1 to HTTP/2 protocol upgrade handling in direct h2c connections allows a remote attacker to cause denial of service through excessive memory utilization. \n \n \n\n**CVE-2020-13935** \n--- \n**Severity / CVSS v3.1:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References:** | NVD: [CVE-2020-13935](<https://nvd.nist.gov/vuln/detail/CVE-2020-13935>) \n**Impact:** | Denial of service \n**Description:** | A flaw in WebSocket frame handling allows a remote attacker to cause denial of service through infinite CPU loops. \n \n \n\n**CVE-2020-13943** \n--- \n**Severity / CVSS v3.1:** | Medium / 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n**References:** | NVD: [CVE-2020-13943](<https://nvd.nist.gov/vuln/detail/CVE-2020-13943>) \n**Impact:** | Information disclosure \n**Description:** | A flaw in HTTP/2 concurrent stream handling can cause a remote attacker to cause users to see responses for other users' requests. This is a different vulnerability from CVE-2020-17527. \n \n \n\n**CVE-2020-17527** \n--- \n**Severity / CVSS v3.1:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References:** | NVD: [CVE-2020-17527](<https://nvd.nist.gov/vuln/detail/CVE-2020-17527>) \n**Impact:** | Information disclosure \n**Description:** | A flaw in HTTP/2 concurrent stream handling can cause a remote attacker to cause users to see responses for other users' requests. This is a different vulnerability from CVE-2020-13943. \n \n \n\n**CVE-2021-24122** \n--- \n**Severity / CVSS v3.1:** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References:** | NVD: [CVE-2021-24122](<https://nvd.nist.gov/vuln/detail/CVE-2021-24122>) \n**Impact:** | Information disclosure \n**Description:** | A flaw in server-side source code handling allows a remote attacker to obtain JSP source code from a Windows-based server. \n \n \n\n**CVE-2021-25122** \n--- \n**Severity / CVSS v3.1:** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References:** | NVD: [CVE-2021-25122](<https://nvd.nist.gov/vuln/detail/CVE-2021-25122>) \n**Impact:** | Information disclosure \n**Description:** | A flaw in new HTTP/2 h2c request handling can cause a remote attacker to cause users to see responses for other users' requests. \n \n \n\n**CVE-2021-25329** \n--- \n**Severity / CVSS v3.1:** | High / 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n**References:** | NVD: [CVE-2021-25329](<https://nvd.nist.gov/vuln/detail/CVE-2021-25329>) \n**Impact:** | Remote code execution \n**Description:** | A deserialization flaw allows a remote attacker to send crafted requests and execute arbitrary code on the target system. The attacker must have control over a file stored on the target system. This is caused by an incomplete fix to CVE-2020-9484. \n \n \n\n**Mitigation**\n\nCVE-2020-13935 is exploitable in MC only when authenticated MC users send invalid WebSocket frames to the web management console.\n\n**References**\n\nApache Tomcat 7 vulnerabilities - <http://tomcat.apache.org/security-7.html> \nApache Tomcat 8 vulnerabilities - <http://tomcat.apache.org/security-8.html> \nApache Tomcat 9 vulnerabilities - <http://tomcat.apache.org/security-9.html> \nApache Tomcat 7 vulnerabilities - <http://tomcat.apache.org/security-10.html>\n\n**Revisions**\n\n2021-08-12 MC 3.2 is vulnerable to CVE-2020-13935. \n2021-06-01 A fix for MC 3.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2021-03-16 initial public release\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-16T19:59:07", "type": "symantec", "title": "Apache Tomcat Vulnerabilities May 2020 - Mar 2021", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11996", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13943", "CVE-2020-17527", "CVE-2020-9484", "CVE-2021-24122", "CVE-2021-25122", "CVE-2021-25329"], "modified": "2022-01-10T20:23:58", "id": "SMNTC-17650", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-04-01T00:24:53", "description": "It was discovered that Tomcat incorrectly performed input verification. \nA remote attacker could possibly use this issue to intercept sensitive \ninformation. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640)\n\nIt was discovered that Tomcat did not properly deserialize untrusted data. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2020-9484, CVE-2021-33037)\n\nIt was discovered that Tomcat did not properly validate the input length. An \nattacker could possibly use this to trigger an infinite loop, resulting in a \ndenial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-31T00:00:00", "type": "ubuntu", "title": "Tomcat vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13943", "CVE-2020-17527", "CVE-2020-9484", "CVE-2020-9494", "CVE-2021-25122", "CVE-2021-25329", "CVE-2021-30640", "CVE-2021-33037", "CVE-2021-41079"], "modified": "2022-03-31T00:00:00", "id": "USN-5360-1", "href": "https://ubuntu.com/security/notices/USN-5360-1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "oracle": [{"lastseen": "2021-10-22T15:44:16", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 391 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2765149.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-20T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2542", "CVE-2016-5725", "CVE-2016-7103", "CVE-2017-1000061", "CVE-2017-12626", "CVE-2017-14735", "CVE-2017-18640", "CVE-2017-5645", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1285", "CVE-2018-14040", "CVE-2018-14041", "CVE-2018-14042", "CVE-2018-14550", "CVE-2018-14613", "CVE-2018-16884", "CVE-2018-20843", "CVE-2018-8032", "CVE-2019-0219", "CVE-2019-0221", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0230", "CVE-2019-0232", "CVE-2019-0233", "CVE-2019-10072", "CVE-2019-10080", "CVE-2019-10086", "CVE-2019-10098", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11358", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-12086", "CVE-2019-12399", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-1241", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12423", "CVE-2019-14379", "CVE-2019-14898", "CVE-2019-15218", "CVE-2019-1551", "CVE-2019-16746", "CVE-2019-16942", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17195", "CVE-2019-17495", "CVE-2019-17566", "CVE-2019-17571", "CVE-2019-17573", "CVE-2019-17632", "CVE-2019-17638", "CVE-2019-18885", "CVE-2019-19052", "CVE-2019-19063", "CVE-2019-19066", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19078", "CVE-2019-19535", "CVE-2019-19922", "CVE-2019-20812", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-3773", "CVE-2019-3874", "CVE-2019-3900", "CVE-2019-5063", "CVE-2019-5064", "CVE-2019-5108", "CVE-2019-5428", "CVE-2019-7317", "CVE-2019-8331", "CVE-2020-10188", "CVE-2020-10543", "CVE-2020-10683", "CVE-2020-10751", "CVE-2020-10769", "CVE-2020-10878", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11612", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11973", "CVE-2020-11979", "CVE-2020-11987", "CVE-2020-11994", "CVE-2020-11998", "CVE-2020-12114", "CVE-2020-12723", "CVE-2020-12771", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13871", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-13943", "CVE-2020-13954", "CVE-2020-13956", "CVE-2020-14039", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-1472", "CVE-2020-15358", "CVE-2020-15586", "CVE-2020-16166", "CVE-2020-16845", "CVE-2020-17521", "CVE-2020-17527", "CVE-2020-17530", "CVE-2020-1927", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1967", "CVE-2020-1968", "CVE-2020-1971", "CVE-2020-24394", "CVE-2020-24553", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-25649", "CVE-2020-26217", "CVE-2020-26418", "CVE-2020-26419", "CVE-2020-26420", "CVE-2020-26421", "CVE-2020-26422", "CVE-2020-27193", "CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27223", "CVE-2020-27841", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27844", "CVE-2020-27845", "CVE-2020-28052", "CVE-2020-28196", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35728", "CVE-2020-36179", "CVE-2020-36180", "CVE-2020-36181", "CVE-2020-36182", "CVE-2020-36183", "CVE-2020-36184", "CVE-2020-36185", "CVE-2020-36186", "CVE-2020-36187", "CVE-2020-36188", "CVE-2020-36189", "CVE-2020-5359", "CVE-2020-5360", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-5413", "CVE-2020-5421", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7069", "CVE-2020-7760", "CVE-2020-7774", "CVE-2020-7919", "CVE-2020-8203", "CVE-2020-8277", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8908", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9480", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9489", "CVE-2021-2008", "CVE-2021-20227", "CVE-2021-2053", "CVE-2021-21290", "CVE-2021-2134", "CVE-2021-21345", "CVE-2021-2135", "CVE-2021-2136", "CVE-2021-2140", "CVE-2021-2141", "CVE-2021-2142", "CVE-2021-2144", "CVE-2021-2145", "CVE-2021-2146", "CVE-2021-2147", "CVE-2021-2149", "CVE-2021-2150", "CVE-2021-2151", "CVE-2021-2152", "CVE-2021-2153", "CVE-2021-2154", "CVE-2021-2155", "CVE-2021-2156", "CVE-2021-2157", "CVE-2021-2158", "CVE-2021-2159", "CVE-2021-2160", "CVE-2021-2161", "CVE-2021-2162", "CVE-2021-2163", "CVE-2021-2164", "CVE-2021-2166", "CVE-2021-2167", "CVE-2021-2169", "CVE-2021-2170", "CVE-2021-2171", "CVE-2021-2172", "CVE-2021-2173", "CVE-2021-2174", "CVE-2021-2175", "CVE-2021-2177", "CVE-2021-2178", "CVE-2021-2179", "CVE-2021-2180", "CVE-2021-2181", "CVE-2021-2182", "CVE-2021-2183", "CVE-2021-2184", "CVE-2021-2185", "CVE-2021-2186", "CVE-2021-2187", "CVE-2021-2188", "CVE-2021-2189", "CVE-2021-2190", "CVE-2021-2191", "CVE-2021-2192", "CVE-2021-2193", "CVE-2021-2194", "CVE-2021-2195", "CVE-2021-2196", "CVE-2021-2197", "CVE-2021-2198", "CVE-2021-2199", "CVE-2021-2200", "CVE-2021-2201", "CVE-2021-2202", "CVE-2021-2203", "CVE-2021-2204", "CVE-2021-2205", "CVE-2021-2206", "CVE-2021-2207", "CVE-2021-2208", "CVE-2021-2209", "CVE-2021-2210", "CVE-2021-2211", "CVE-2021-22112", "CVE-2021-2212", "CVE-2021-2213", "CVE-2021-2214", "CVE-2021-2215", "CVE-2021-2216", "CVE-2021-2217", "CVE-2021-22173", "CVE-2021-22174", "CVE-2021-2218", "CVE-2021-2219", "CVE-2021-22191", "CVE-2021-2220", "CVE-2021-2221", "CVE-2021-2222", "CVE-2021-2223", "CVE-2021-2224", "CVE-2021-2225", "CVE-2021-2226", "CVE-2021-2227", "CVE-2021-2228", "CVE-2021-2229", "CVE-2021-2230", "CVE-2021-2231", "CVE-2021-2232", "CVE-2021-2233", "CVE-2021-2234", "CVE-2021-2235", "CVE-2021-2236", "CVE-2021-2237", "CVE-2021-2238", "CVE-2021-2239", "CVE-2021-2240", "CVE-2021-2241", "CVE-2021-2242", "CVE-2021-2244", "CVE-2021-2245", "CVE-2021-2246", "CVE-2021-2247", "CVE-2021-2248", "CVE-2021-2249", "CVE-2021-2250", "CVE-2021-2251", "CVE-2021-2252", "CVE-2021-2253", "CVE-2021-2254", "CVE-2021-2255", "CVE-2021-2256", "CVE-2021-2257", "CVE-2021-2258", "CVE-2021-2259", "CVE-2021-2260", "CVE-2021-2261", "CVE-2021-2262", "CVE-2021-2263", "CVE-2021-2264", "CVE-2021-2266", "CVE-2021-2267", "CVE-2021-2268", "CVE-2021-2269", "CVE-2021-2270", "CVE-2021-2271", "CVE-2021-2272", "CVE-2021-2273", "CVE-2021-2274", "CVE-2021-2275", "CVE-2021-2276", "CVE-2021-2277", "CVE-2021-2278", "CVE-2021-2279", "CVE-2021-2280", "CVE-2021-2281", "CVE-2021-2282", "CVE-2021-2283", "CVE-2021-2284", "CVE-2021-2285", "CVE-2021-2286", "CVE-2021-2287", "CVE-2021-2288", "CVE-2021-22883", "CVE-2021-22884", "CVE-2021-2289", "CVE-2021-2290", "CVE-2021-2291", "CVE-2021-2292", "CVE-2021-2293", "CVE-2021-2294", "CVE-2021-2295", "CVE-2021-2296", "CVE-2021-2297", "CVE-2021-2298", "CVE-2021-2299", "CVE-2021-2300", "CVE-2021-2301", "CVE-2021-2302", "CVE-2021-2303", "CVE-2021-2304", "CVE-2021-2305", "CVE-2021-2306", "CVE-2021-2307", "CVE-2021-2308", "CVE-2021-2309", "CVE-2021-2310", "CVE-2021-2311", "CVE-2021-2312", "CVE-2021-2314", "CVE-2021-2315", "CVE-2021-2316", "CVE-2021-2317", "CVE-2021-2318", "CVE-2021-2319", "CVE-2021-2320", "CVE-2021-2321", "CVE-2021-23336", "CVE-2021-23839", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-09-04T00:00:00", "id": "ORACLE:CPUAPR2021", "href": "https://www.oracle.com/security-alerts/cpuapr2021.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}