Vulnerabilities > CVE-2006-3835 - Unspecified vulnerability in Apache Tomcat
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | Apache Tomcat 5 Information Disclosure Vulnerability. CVE-2006-3835. Remote exploits for multiple platform |
id | EDB-ID:28254 |
last seen | 2016-02-03 |
modified | 2006-07-21 |
published | 2006-07-21 |
reporter | ScanAlert Security |
source | https://www.exploit-db.com/download/28254/ |
title | Apache Tomcat 5 Information Disclosure Vulnerability |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE9_12343.NASL description Two old but not yet fixed security issues in tomcat5 were spotted and are fixed by this update : - Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. (CVE-2006-3835) Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat allowed remote attackers to inject arbitrary web script or HTML via crafted last seen 2020-06-01 modified 2020-06-02 plugin id 41273 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41273 title SuSE9 Security Update : Tomcat (YOU Patch Number 12343) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41273); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:33"); script_cve_id("CVE-2006-3835"); script_name(english:"SuSE9 Security Update : Tomcat (YOU Patch Number 12343)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Two old but not yet fixed security issues in tomcat5 were spotted and are fixed by this update : - Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. (CVE-2006-3835) Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat allowed remote attackers to inject arbitrary web script or HTML via crafted 'Accept-Language headers that do not conform to RFC 2616'. These issues were rated 'low' by the Apache Tomcat team." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3835.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12343."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/01/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"apache-jakarta-tomcat-connectors-5.0.19-29.20")) flag++; if (rpm_check(release:"SUSE9", reference:"apache2-jakarta-tomcat-connectors-5.0.19-29.20")) flag++; if (rpm_check(release:"SUSE9", reference:"jakarta-tomcat-5.0.19-29.20")) flag++; if (rpm_check(release:"SUSE9", reference:"jakarta-tomcat-doc-5.0.19-29.20")) flag++; if (rpm_check(release:"SUSE9", reference:"jakarta-tomcat-examples-5.0.19-29.20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0261.NASL description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43835 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43835 title RHEL 4 : Satellite Server (RHSA-2008:0261) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0261. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(43835); script_version ("1.27"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2004-0885", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-5961", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128"); script_bugtraq_id(15325, 16802, 19106, 22085, 22960, 23192, 24004, 24147, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 25653, 26070, 26752, 26838, 27237, 27365, 28481); script_xref(name:"RHSA", value:"2008:0261"); script_name(english:"RHEL 4 : Satellite Server (RHSA-2008:0261)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0885" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0605" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-2090" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3510" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3964" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-4838" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-0254" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-0898" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-1329" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3835" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-5752" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7195" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7196" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7197" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0243" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0450" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1349" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1355" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1358" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1860" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2435" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2449" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2450" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2788" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2789" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3304" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3382" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3385" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4465" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5000" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5461" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5961" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6306" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6388" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0128" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0261" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jabberd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmotif21"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0261"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL4", rpm:"rhns-app-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server"); if (rpm_check(release:"RHEL4", cpu:"i386", reference:"jabberd-2.0s10-3.38.rhn")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", reference:"jfreechart-0.9.20-3.rhn")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openmotif21-2.1.30-11.RHEL4.6")) flag++; if (rpm_check(release:"RHEL4", reference:"perl-Crypt-CBC-2.24-1.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel4")) flag++; if (rpm_check(release:"RHEL4", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc"); } }
NASL family Web Servers NASL id TOMCAT_4_1_32.NASL description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.32. It is, therefore, affected by the following vulnerabilities : - The remote Apache Tomcat install is vulnerable to a denial of service attack. If directory listing is enabled, function calls to retrieve the contents of large directories can degrade performance. (CVE-2005-3510) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP examples are enabled. Several of these JSP examples do not properly validate user input. (CVE-2005-4838) - The remote Apache Tomcat install allows remote users to list the contents of a directory by placing a semicolon before a filename with a mapped extension. (CVE-2006-3835) - If enabled, the JSP calendar example application is vulnerable to a cross-site scripting attack because user input is not properly validated. (CVE-2006-7196) - The remote Apache Tomcat install, in its default configuration, permits the use of insecure ciphers when using SSL. (CVE-2007-1858) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack by allowing requests from a non-permitted IP address to gain access to a context that is protected with a valve that extends RequestFilterValve. (CVE-2008-3271) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-18 modified 2010-06-16 plugin id 47029 published 2010-06-16 reporter This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47029 title Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(47029); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11"); script_cve_id( "CVE-2005-3510", "CVE-2005-4838", "CVE-2006-3835", "CVE-2006-7196", "CVE-2007-1858", "CVE-2008-3271" ); script_bugtraq_id(15325, 19106, 25531, 28482, 31698); script_xref(name:"Secunia", value:"13737"); script_xref(name:"Secunia", value:"17416"); script_xref(name:"Secunia", value:"32213"); script_name(english:"Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities"); script_summary(english:"Checks the Apache Tomcat version."); script_set_attribute(attribute:"synopsis", value: "The remote Apache Tomcat server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.32. It is, therefore, affected by the following vulnerabilities : - The remote Apache Tomcat install is vulnerable to a denial of service attack. If directory listing is enabled, function calls to retrieve the contents of large directories can degrade performance. (CVE-2005-3510) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP examples are enabled. Several of these JSP examples do not properly validate user input. (CVE-2005-4838) - The remote Apache Tomcat install allows remote users to list the contents of a directory by placing a semicolon before a filename with a mapped extension. (CVE-2006-3835) - If enabled, the JSP calendar example application is vulnerable to a cross-site scripting attack because user input is not properly validated. (CVE-2006-7196) - The remote Apache Tomcat install, in its default configuration, permits the use of insecure ciphers when using SSL. (CVE-2007-1858) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack by allowing requests from a non-permitted IP address to gain access to a context that is protected with a valve that extends RequestFilterValve. (CVE-2008-3271) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.32"); script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=25835"); script_set_attribute(attribute:"solution", value:"Upgrade to Apache Tomcat version 4.1.32 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2005-3510"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/03"); script_set_attribute(attribute:"patch_publication_date", value:"2006/06/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/16"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin"); script_require_keys("installed_sw/Apache Tomcat"); exit(0); } include("tomcat_version.inc"); tomcat_check_version(fixed:"4.1.32", min:"4.0.0", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:"^4(\.1)?$");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0524.NASL description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43837 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43837 title RHEL 3 / 4 : Satellite Server (RHSA-2008:0524) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0524. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(43837); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2004-0687", "CVE-2004-0688", "CVE-2004-0885", "CVE-2004-0914", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128"); script_bugtraq_id(13873, 15325, 16802, 19106, 22085, 22960, 23192, 24004, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 26070, 26752, 26838, 27237, 27365, 28481); script_xref(name:"RHSA", value:"2008:0524"); script_name(english:"RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0687" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0688" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0885" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0914" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0605" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-2090" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3510" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3964" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-4838" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-0254" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-0898" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-1329" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3835" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-5752" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7195" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7196" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-7197" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0243" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0450" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1349" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1355" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1358" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1860" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2435" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2449" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2450" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2788" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2789" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3304" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3382" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3385" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4465" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5000" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5461" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6306" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-6388" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0128" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0524" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jabberd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmotif21"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-apache"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modssl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/20"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0524"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL3", rpm:"rhns-app-") || rpm_exists(release:"RHEL4", rpm:"rhns-app-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server"); if (rpm_check(release:"RHEL3", cpu:"i386", reference:"jabberd-2.0s10-3.37.rhn")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el3")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3")) flag++; if (rpm_check(release:"RHEL3", reference:"jfreechart-0.9.20-3.rhn")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"openmotif21-2.1.30-9.RHEL3.8")) flag++; if (rpm_check(release:"RHEL3", reference:"perl-Crypt-CBC-2.24-1.el3")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel3")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel3")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel3")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel3")) flag++; if (rpm_check(release:"RHEL3", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"jabberd-2.0s10-3.38.rhn")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", reference:"jfreechart-0.9.20-3.rhn")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openmotif21-2.1.30-11.RHEL4.6")) flag++; if (rpm_check(release:"RHEL4", reference:"perl-Crypt-CBC-2.24-1.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel4")) flag++; if (rpm_check(release:"RHEL4", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_TOMCAT5-5955.NASL description Two old but not yet fixed security issues in tomcat5 were spotted and are fixed by this update : - Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. (CVE-2006-3835) Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat allowed remote attackers to inject arbitrary web script or HTML via crafted last seen 2020-06-01 modified 2020-06-02 plugin id 41591 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41591 title SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5955) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41591); script_version ("1.8"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2006-3835"); script_name(english:"SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5955)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Two old but not yet fixed security issues in tomcat5 were spotted and are fixed by this update : - Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. (CVE-2006-3835) Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat allowed remote attackers to inject arbitrary web script or HTML via crafted 'Accept-Language headers that do not conform to RFC 2616'. These issues were rated 'low' by the Apache Tomcat team." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3835.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5955."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/01/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-5.0.30-27.35")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-admin-webapps-5.0.30-27.35")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"tomcat5-webapps-5.0.30-27.35")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1069.NASL description Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. It was reported Tomcat did not properly handle the following character sequence in a cookie: \ last seen 2020-06-01 modified 2020-06-02 plugin id 43834 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43834 title RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1069. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(43834); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2005-2090", "CVE-2005-3510", "CVE-2006-3835", "CVE-2007-0450", "CVE-2007-1858", "CVE-2007-3382", "CVE-2007-3385"); script_bugtraq_id(13873, 15325, 19106, 22960, 25316); script_xref(name:"RHSA", value:"2007:1069"); script_name(english:"RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. It was reported Tomcat did not properly handle the following character sequence in a cookie: \' (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385). Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382). The default Tomcat configuration permitted the use of insecure SSL cipher suites including the anonymous cipher suite. (CVE-2007-1858) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) Directory listings were enabled by default in Tomcat. Information stored unprotected under the document root was visible to anyone if the administrator did not disable directory listings. (CVE-2006-3835) It was found that generating listings of large directories was CPU intensive. An attacker could make repeated requests to obtain a directory listing of any large directory, leading to a denial of service. (CVE-2005-3510) Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues, and add the tyrex and jakarta-commons-pool packages which are required dependencies of the new Tomcat version." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-2090" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3510" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-3835" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-0450" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1858" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3382" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3385" ); script_set_attribute( attribute:"see_also", value:"http://tomcat.apache.org/security-5.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:1069" ); script_set_attribute( attribute:"solution", value: "Update the affected jakarta-commons-pool, tomcat5 and / or tyrex packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-pool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tyrex"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/07/05"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:1069"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL3", rpm:"rhns-app-") || rpm_exists(release:"RHEL4", rpm:"rhns-app-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server"); if (rpm_check(release:"RHEL3", reference:"jakarta-commons-pool-1.2-2jpp_2rh")) flag++; if (rpm_check(release:"RHEL3", reference:"tomcat5-5.0.30-0jpp_6rh")) flag++; if (rpm_check(release:"RHEL3", reference:"tyrex-1.0.1-2jpp_2rh")) flag++; if (rpm_check(release:"RHEL4", reference:"jakarta-commons-pool-1.2-2jpp_2rh")) flag++; if (rpm_check(release:"RHEL4", reference:"tomcat5-5.0.30-0jpp_6rh")) flag++; if (rpm_check(release:"RHEL4", reference:"tyrex-1.0.1-2jpp_2rh")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jakarta-commons-pool / tomcat5 / tyrex"); } }
Packetstorm
data source | https://packetstormsecurity.com/files/download/82649/SN-2009-02.txt |
id | PACKETSTORM:82649 |
last seen | 2016-12-05 |
published | 2009-11-17 |
reporter | Alberto Trivero |
source | https://packetstormsecurity.com/files/82649/ToutVirtual-VirtualIQ-Pro-XSS-XSRF-Execution.html |
title | ToutVirtual VirtualIQ Pro XSS / XSRF / Execution |
Redhat
advisories |
| ||||
rpms |
|
Seebug
bulletinFamily exploit description No description provided by source. id SSV:12603 last seen 2017-11-19 modified 2009-11-10 published 2009-11-10 reporter Root source https://www.seebug.org/vuldb/ssvid-12603 title ToutVirtual VirtualIQ Multiple Vulnerabilities bulletinFamily exploit description No description provided by source. id SSV:67058 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-67058 title toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities bulletinFamily exploit description No description provided by source. id SSV:14334 last seen 2017-11-19 modified 2009-11-07 published 2009-11-07 reporter Root source https://www.seebug.org/vuldb/ssvid-14334 title ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-24 |
organization | Red Hat |
statement | This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled. Details on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0467.html
- http://www.securityfocus.com/bid/19106
- http://securitytracker.com/id?1016576
- http://tomcat.apache.org/security-4.html
- http://tomcat.apache.org/security-5.html
- http://www.sec-consult.com/289.html
- http://secunia.com/advisories/25212
- http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
- http://secunia.com/advisories/30908
- http://secunia.com/advisories/30899
- http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
- http://secunia.com/advisories/33668
- http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://secunia.com/advisories/37297
- http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt
- http://www.vupen.com/english/advisories/2009/0233
- http://www.vupen.com/english/advisories/2008/1979/references
- http://www.vupen.com/english/advisories/2007/1727
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34183
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27902
- http://www.securityfocus.com/archive/1/507729/100/0/threaded
- http://www.securityfocus.com/archive/1/500412/100/0/threaded
- http://www.securityfocus.com/archive/1/500396/100/0/threaded
- http://www.securityfocus.com/archive/1/468048/100/0/threaded
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E