Vulnerabilities > CVE-2007-5461 - Path Traversal vulnerability in Apache Tomcat

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
CWE-22
nessus
exploit available

Summary

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Exploit-Db

descriptionApache Tomcat (webdav) Remote File Disclosure Exploit. CVE-2007-5461. Remote exploits for multiple platform
fileexploits/multiple/remote/4530.pl
idEDB-ID:4530
last seen2016-01-31
modified2007-10-14
platformmultiple
port
published2007-10-14
reportereliteboy
sourcehttps://www.exploit-db.com/download/4530/
titleApache Tomcat webdav - Remote File Disclosure Exploit
typeremote

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0261.NASL
    descriptionRed Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43835
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43835
    titleRHEL 4 : Satellite Server (RHSA-2008:0261)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0261. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43835);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2004-0885", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-5961", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128");
      script_bugtraq_id(15325, 16802, 19106, 22085, 22960, 23192, 24004, 24147, 24215, 24475, 24476, 24524, 24645, 25316, 25531, 25653, 26070, 26752, 26838, 27237, 27365, 28481);
      script_xref(name:"RHSA", value:"2008:0261");
    
      script_name(english:"RHEL 4 : Satellite Server (RHSA-2008:0261)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat Network Satellite Server version 5.0.2 is now available. This
    update includes fixes for a number of security issues in Red Hat
    Network Satellite Server components.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    During an internal security review, a cross-site scripting flaw was
    found that affected the Red Hat Network channel search feature.
    (CVE-2007-5961)
    
    This release also corrects several security vulnerabilities in various
    components shipped as part of the Red Hat Network Satellite Server. In
    a typical operating environment, these components are not exposed to
    users of Satellite Server in a vulnerable manner. These security
    updates will reduce risk in unique Satellite Server environments.
    
    Multiple flaws were fixed in the Apache HTTPD server. These flaws
    could result in a cross-site scripting, denial-of-service, or
    information disclosure attacks. (CVE-2004-0885, CVE-2006-5752,
    CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465,
    CVE-2007-5000, CVE-2007-6388)
    
    A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)
    
    A denial-of-service flaw was fixed in the jabberd server.
    (CVE-2006-1329)
    
    Multiple cross-site scripting flaws were fixed in the image map
    feature in the JFreeChart package. (CVE-2007-6306)
    
    Multiple flaws were fixed in the IBM Java 1.4.2 Runtime.
    (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789)
    
    Two arbitrary code execution flaws were fixed in the OpenMotif
    package. (CVE-2005-3964, CVE-2005-0605)
    
    A flaw which could result in weak encryption was fixed in the
    perl-Crypt-CBC package. (CVE-2006-0898)
    
    Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128,
    CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358,
    CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450,
    CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254,
    CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)
    
    Users of Red Hat Network Satellite Server 5.0 are advised to upgrade
    to 5.0.2, which resolves these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-2090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3964"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-4838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-0898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1329"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3835"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-7197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0243"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-1860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-3385"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0128"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0261"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 22, 79, 119, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jabberd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openmotif21");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modjk-ap13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhn-modssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0261";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL4", rpm:"rhns-app-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server");
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"jabberd-2.0s10-3.38.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jfreechart-0.9.20-3.rhn")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"openmotif21-2.1.30-11.RHEL4.6")) flag++;
      if (rpm_check(release:"RHEL4", reference:"perl-Crypt-CBC-2.24-1.el4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-apache-1.3.27-36.rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modjk-ap13-1.2.23-2rhn.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modperl-1.29-16.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"rhn-modssl-2.8.12-8.rhn.10.rhel4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"tomcat5-5.0.30-0jpp_10rh")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jabberd / java-1.4.2-ibm / java-1.4.2-ibm-devel / jfreechart / etc");
      }
    }
    
  • NASL familyWeb Servers
    NASL idTOMCAT_6_0_16.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.16. It is, therefore, affected by multiple vulnerabilities : - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or
    last seen2020-03-18
    modified2010-07-01
    plugin id47577
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47577
    titleApache Tomcat < 6.0.16 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47577);
      script_version("1.21");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");
    
      script_cve_id(
        "CVE-2007-5333",
        "CVE-2007-5342",
        "CVE-2007-5461",
        "CVE-2007-6286",
        "CVE-2008-0002"
      );
      script_bugtraq_id(26070, 27006, 27706, 49470);
      script_xref(name:"Secunia", value:"27398");
      script_xref(name:"Secunia", value:"28274");
      script_xref(name:"Secunia", value:"28834");
      script_xref(name:"Secunia", value:"28878");
    
      script_name(english:"Apache Tomcat < 6.0.16 Multiple Vulnerabilities");
      script_summary(english:"Checks the Apache Tomcat version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Apache Tomcat server is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the instance of Apache
    Tomcat listening on the remote host is prior to 6.0.16. It is,
    therefore, affected by multiple vulnerabilities :
    
      - The remote Apache Tomcat install may be vulnerable to an
        information disclosure attack via cookies. The previous
        fix for CVE-2007-3385 was incomplete and did not account
        for the use of quotes or '%5C' in cookie values.
        (CVE-2007-3385, CVE-2007-5333)
    
      - The default security policy in the JULI logging
        component did not restrict access permissions to files.
        This could be misused by untrusted web applications to
        access and write arbitrary files in the context of the
        Tomcat process. (CVE-2007-5342)
    
      - A directory traversal vulnerability existed in the
        Apache Tomcat webdav servlet. In some configurations
        it allowed remote, authenticated users to read files
        accessible to the local tomcat process. (CVE-2007-5461)
    
      - When the native APR connector is used, it does not
        properly handle an empty request to the SSL port, which
        allows remote attackers to trigger handling of a
        duplicate copy of one of the recent requests, as
        demonstrated by using netcat to send the empty request.
        (CVE-2007-6286)
    
      - If the processing or parameters is interrupted, i.e. by
        an exception, then it is possible for the parameters to
        be processed as part of later request. (CVE-2008-0002)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.16");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apache Tomcat version 6.0.16 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-5333");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 200, 264);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
      script_set_attribute(attribute:"agent", value:"all");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
      script_require_keys("installed_sw/Apache Tomcat");
    
      exit(0);
    }
    
    include("tomcat_version.inc");
    
    tomcat_check_version(fixed:"6.0.16", min:"6.0.0", severity:SECURITY_WARNING, granularity_regex:"^6(\.0)?$");
    
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-241.NASL
    descriptionA number of vulnerabilities were found in Tomcat : A directory traversal vulnerability, when using certain proxy modules, allows a remote attacker to read arbitrary files via a .. (dot dot) sequence with various slash, backslash, or url-encoded backslash characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only). Multiple cross-site scripting vulnerabilities in certain JSP files allow remote attackers to inject arbitrary web script or HTML (CVE-2007-2449). Multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450). Tomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382). Tomcat did not properly handle the
    last seen2020-06-01
    modified2020-06-02
    plugin id38147
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38147
    titleMandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:241. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(38147);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      script_cve_id("CVE-2007-0450", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461");
      script_xref(name:"MDKSA", value:"2007:241");
    
      script_name(english:"Mandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of vulnerabilities were found in Tomcat :
    
    A directory traversal vulnerability, when using certain proxy modules,
    allows a remote attacker to read arbitrary files via a .. (dot dot)
    sequence with various slash, backslash, or url-encoded backslash
    characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).
    
    Multiple cross-site scripting vulnerabilities in certain JSP files
    allow remote attackers to inject arbitrary web script or HTML
    (CVE-2007-2449).
    
    Multiple cross-site scripting vulnerabilities in the Manager and Host
    Manager web applications allow remote authenticated users to inject
    arbitrary web script or HTML (CVE-2007-2450).
    
    Tomcat treated single quotes as delimiters in cookies, which could
    cause sensitive information such as session IDs to be leaked and allow
    remote attackers to conduct session hijacking attacks (CVE-2007-3382).
    
    Tomcat did not properly handle the ' character sequence in a cookie
    value, which could cause sensitive information such as session IDs to
    be leaked and allow remote attackers to conduct session hijacking
    attacks (CVE-2007-3385).
    
    A cross-site scripting vulnerability in the Host Manager servlet
    allowed remote attackers to inject arbitrary HTML and web script via
    crafted attacks (CVE-2007-3386).
    
    Finally, an absolute path traversal vulnerability, under certain
    configurations, allows remote authenticated users to read arbitrary
    files via a WebDAV write request that specifies an entity with a
    SYSTEM tag (CVE-2007-5461).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_cwe_id(22, 79, 200);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-common-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jasper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-server-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WEBSPHERE-AS_CE-5850.NASL
    descriptionWebsphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)
    last seen2020-06-01
    modified2020-06-02
    plugin id41596
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41596
    titleSuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41596);
      script_version ("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2007-0184", "CVE-2007-0185", "CVE-2007-2377", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5613", "CVE-2007-5615", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938");
    
      script_name(english:"SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Websphere has been updated to version 2.1.0.1 to fix several security
    vulnerabilities in the included subprojects, such as Apache Geronimo
    and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 /
    CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 /
    CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 /
    CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 /
    CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0184.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0185.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2377.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2449.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2450.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3382.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3385.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3386.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5333.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5342.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5461.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5613.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5615.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-6286.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-0002.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1947.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2370.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2938.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5850.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(22, 79, 94, 200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:2, reference:"websphere-as_ce-2.1.0.1-3.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080311_TOMCAT_ON_SL5_X.NASL
    descriptionA directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461) The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)
    last seen2020-06-01
    modified2020-06-02
    plugin id60371
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60371
    titleScientific Linux Security Update : tomcat on SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60371);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2007-5342", "CVE-2007-5461");
    
      script_name(english:"Scientific Linux Security Update : tomcat on SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A directory traversal vulnerability existed in the Apache Tomcat
    webdav servlet. In some configurations it allowed remote authenticated
    users to read files accessible to the local tomcat process.
    (CVE-2007-5461)
    
    The default security policy in the JULI logging component did not
    restrict access permissions to files. This could be misused by
    untrusted web applications to access and write arbitrary files in the
    context of the tomcat process. (CVE-2007-5342)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0803&L=scientific-linux-errata&T=0&P=1946
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fd4f68a7"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_cwe_id(22, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"tomcat5-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWeb Servers
    NASL idTOMCAT_4_1_37.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.37. It is, therefore, affected by the following vulnerabilities : - The remote Apache Tomcat install may be vulnerable to an information disclosure attack if the deprecated AJP connector processes a client request having a non-zero Content-Length and the client disconnects before sending the request body. (CVE-2005-3164) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP and Servlet examples are enabled. Several of these examples do not properly validate user input. (CVE-2007-1355, CVE-2007-2449) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the Manager web application is enabled as it fails to escape input data. (CVE-2007-2450) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. Apache Tomcat treats the single quote character in a cookie as a delimiter which can lead to information, such as session ID, to be disclosed. (CVE-2007-3382) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the SendMailServlet is enabled. The SendMailServlet is a part of the examples web application and, when reporting error messages, fails to escape user provided data. (CVE-2007-3383) - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or
    last seen2020-03-18
    modified2010-06-16
    plugin id47030
    published2010-06-16
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47030
    titleApache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47030);
      script_version("1.20");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");
    
      script_cve_id(
        "CVE-2005-3164",
        "CVE-2007-1355",
        "CVE-2007-2449",
        "CVE-2007-2450",
        "CVE-2007-3382",
        "CVE-2007-3383",
        "CVE-2007-3385",
        "CVE-2007-5333",
        "CVE-2007-5461"
      );
      script_bugtraq_id(
        15003,
        24058,
        24475,
        24476,
        24999,
        25316,
        26070,
        27706
      );
      script_xref(name:"Secunia", value:"25678");
      script_xref(name:"Secunia", value:"26466");
      script_xref(name:"Secunia", value:"28878");
      script_xref(name:"Secunia", value:"27398");
    
      script_name(english:"Apache Tomcat 4.x < 4.1.37 Multiple Vulnerabilities");
      script_summary(english:"Checks the Apache Tomcat version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Apache Tomcat server is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the instance of Apache
    Tomcat 4.x listening on the remote host is prior to 4.1.37. It is,
    therefore, affected by the following vulnerabilities :
    
      - The remote Apache Tomcat install may be vulnerable to an
        information disclosure attack if the deprecated AJP
        connector processes a client request having a non-zero
        Content-Length and the client disconnects before
        sending the request body. (CVE-2005-3164)
    
      - The remote Apache Tomcat install may be vulnerable to
        a cross-site scripting attack if the JSP and Servlet
        examples are enabled. Several of these examples do
        not properly validate user input.
        (CVE-2007-1355, CVE-2007-2449)
    
      - The remote Apache Tomcat install may be vulnerable to
        a cross-site scripting attack if the Manager web
        application is enabled as it fails to escape input
        data. (CVE-2007-2450)
    
      - The remote Apache Tomcat install may be vulnerable to an
        information disclosure attack via cookies. Apache Tomcat
        treats the single quote character in a cookie as a
        delimiter which can lead to information, such as session
        ID, to be disclosed. (CVE-2007-3382)
    
      - The remote Apache Tomcat install may be vulnerable to
        a cross-site scripting attack if the SendMailServlet is
        enabled. The SendMailServlet is a part of the examples
        web application and, when reporting error messages,
        fails to escape user provided data. (CVE-2007-3383)
    
      - The remote Apache Tomcat install may be vulnerable to an
        information disclosure attack via cookies. The previous
        fix for CVE-2007-3385 was incomplete and did not account
        for the use of quotes or '%5C' in cookie values.
        (CVE-2007-3385, CVE-2007-5333)
    
      - The remote Apache Tomcat install may be vulnerable to an
        information disclosure attack via the WebDAV servlet.
        Certain WebDAV requests, containing an entity with a
        SYSTEM tag, can result in the disclosure of arbitrary
        file contents. (CVE-2007-5461)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number..");
      script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.37");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/469067/100/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/471351/100/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/471357/100/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/476442/100/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/474413/100/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/476444/100/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/487822/100/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apache Tomcat version 4.1.37 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2005-3164");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 79, 200);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/16");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
      script_set_attribute(attribute:"agent", value:"all");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
      script_require_keys("installed_sw/Apache Tomcat");
    
      exit(0);
    }
    
    include("tomcat_version.inc");
    
    tomcat_check_version(fixed:"4.1.37", min:"4.0.0", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:"^4(\.1)?$");
    
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0042.NASL
    descriptionFrom Red Hat Security Advisory 2008:0042 : Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461) The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342) Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67640
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67640
    titleOracle Linux 5 : tomcat (ELSA-2008-0042)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0042 and 
    # Oracle Linux Security Advisory ELSA-2008-0042 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67640);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2007-5342", "CVE-2007-5461");
      script_bugtraq_id(26070, 27006);
      script_xref(name:"RHSA", value:"2008:0042");
    
      script_name(english:"Oracle Linux 5 : tomcat (ELSA-2008-0042)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0042 :
    
    Updated tomcat packages that fix security issues and bugs are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Tomcat is a servlet container for Java Servlet and JavaServer Pages
    technologies.
    
    A directory traversal vulnerability existed in the Apache Tomcat
    webdav servlet. In some configurations it allowed remote authenticated
    users to read files accessible to the local tomcat process.
    (CVE-2007-5461)
    
    The default security policy in the JULI logging component did not
    restrict access permissions to files. This could be misused by
    untrusted web applications to access and write arbitrary files in the
    context of the tomcat process. (CVE-2007-5342)
    
    Users of Tomcat should update to these errata packages, which contain
    backported patches and are not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-March/000540.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tomcat packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-common-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-jasper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-server-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat5-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"tomcat5-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-admin-webapps-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-common-lib-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-jasper-javadoc-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-jsp-2.0-api-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-server-lib-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-servlet-2.4-api-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    if (rpm_check(release:"EL5", reference:"tomcat5-webapps-5.5.23-0jpp.3.0.3.el5_1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog
    last seen2020-06-01
    modified2020-06-02
    plugin id34374
    published2008-10-10
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34374
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-007)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34374);
      script_version("1.31");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2007-2691",
        "CVE-2007-4850",
        "CVE-2007-5333",
        "CVE-2007-5342",
        "CVE-2007-5461",
        "CVE-2007-5969",
        "CVE-2007-6286",
        "CVE-2007-6420",
        "CVE-2008-0002",
        "CVE-2008-0226",
        "CVE-2008-0227",
        "CVE-2008-0674",
        "CVE-2008-1232",
        "CVE-2008-1389",
        "CVE-2008-1678",
        "CVE-2008-1767",
        "CVE-2008-1947",
        "CVE-2008-2079",
        "CVE-2008-2364",
        "CVE-2008-2370",
        "CVE-2008-2371",
        "CVE-2008-2712",
        "CVE-2008-2938",
        "CVE-2008-3294",
        "CVE-2008-3432",
        "CVE-2008-3641",
        "CVE-2008-3642",
        "CVE-2008-3643",
        "CVE-2008-3645",
        "CVE-2008-3646",
        "CVE-2008-3647",
        "CVE-2008-3912",
        "CVE-2008-3913",
        "CVE-2008-3914",
        "CVE-2008-4101",
        "CVE-2008-4211",
        "CVE-2008-4212",
        "CVE-2008-4214",
        "CVE-2008-4215"
      );
      script_bugtraq_id(
        24016,
        26070,
        26765,
        27006,
        27140,
        27236,
        27413,
        27703,
        27706,
        27786,
        29106,
        29312,
        29502,
        29653,
        29715,
        30087,
        30279,
        30494,
        30496,
        30633,
        30795,
        30994,
        31051,
        31681,
        31692,
        31707,
        31708,
        31711,
        31715,
        31716,
        31718,
        31719,
        31720,
        31721,
        31722
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-007)");
      script_summary(english:"Check for the presence of Security Update 2008-007");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have the security update 2008-007 applied. 
    
    This security update contains fixes for the following products :
    
      - Apache
      - Certificates
      - ClamAV
      - ColorSync
      - CUPS
      - Finder
      - launchd
      - libxslt
      - MySQL Server
      - Networking
      - PHP
      - Postfix
      - PSNormalizer
      - QuickLook
      - rlogin
      - Script Editor
      - Single Sign-On
      - Tomcat
      - vim
      - Weblog" );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3216" );
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" );
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2008-007 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL SSL Hello Message Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 352, 362, 399);
    script_set_attribute(attribute:"plugin_publication_date", value: "2008/10/10");
      script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/15");
      script_set_attribute(attribute:"patch_publication_date", value: "2008/10/09");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0);
    
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[78]|2009-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-5]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.007\.bom", string:packages))
        security_hole(0);
    }
    
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0151.NASL
    descriptionUpdated JBoss Enterprise Application Platform (JBEAP) packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform (JBEAP) is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss Application Server and JBoss Seam. This release serves as a replacement to JBEAP 4.2.0.GA. It fixes several security issues : The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script, or HTML, via several attributes of the chart area. (CVE-2007-6306) A vulnerability caused by exposing static Java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static Java methods. (CVE-2007-4575) The setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This vulnerability allowed remote attackers to inject, and execute, arbitrary Enterprise JavaBeans Query Language (EJB QL) commands via the order parameter. (CVE-2007-6433) These updated packages include bug fixes and enhancements which are not listed here. For a full list, please refer to the JBEAP 4.2.0CP02 release notes: http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html Warning: before applying this update, please backup the JBEAP
    last seen2020-06-01
    modified2020-06-02
    plugin id63848
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63848
    titleRHEL 4 : JBoss EAP (RHSA-2008:0151)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0151. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63848);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-4575", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6433", "CVE-2008-0002");
      script_bugtraq_id(26703, 26752);
      script_xref(name:"RHSA", value:"2008:0151");
    
      script_name(english:"RHEL 4 : JBoss EAP (RHSA-2008:0151)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated JBoss Enterprise Application Platform (JBEAP) packages that
    fix several security issues are now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    JBoss Enterprise Application Platform (JBEAP) is a middleware platform
    for Java 2 Platform, Enterprise Edition (J2EE) applications.
    
    This release of JBEAP for Red Hat Enterprise Linux 4 contains the
    JBoss Application Server and JBoss Seam. This release serves as a
    replacement to JBEAP 4.2.0.GA. It fixes several security issues :
    
    The JFreeChart component was vulnerable to multiple cross-site
    scripting (XSS) vulnerabilities. An attacker could misuse the image
    map feature to inject arbitrary web script, or HTML, via several
    attributes of the chart area. (CVE-2007-6306)
    
    A vulnerability caused by exposing static Java methods was located
    within the HSQLDB component. This could be utilized by an attacker to
    execute arbitrary static Java methods. (CVE-2007-4575)
    
    The setOrder method in the org.jboss.seam.framework.Query class did
    not correctly validate user-supplied parameters. This vulnerability
    allowed remote attackers to inject, and execute, arbitrary Enterprise
    JavaBeans Query Language (EJB QL) commands via the order parameter.
    (CVE-2007-6433)
    
    These updated packages include bug fixes and enhancements which are
    not listed here. For a full list, please refer to the JBEAP 4.2.0CP02
    release notes:
    http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html
    
    Warning: before applying this update, please backup the JBEAP
    'server/[configuration]/deploy/' directory, and any other customized
    configuration files.
    
    All users of JBEAP on Red Hat Enterprise Linux 4 are advised to
    upgrade to these updated packages, which resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0002"
      );
      # http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/documentation/en-us/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0151"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 22, 79, 94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:concurrent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jaf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-javamail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jstl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hsqldb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jacorb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-aop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-remoting");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-seam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-seam-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-jboss42");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-wsconsume-impl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossxb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jcommon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jgroups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wsdl4j");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0151";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL4", rpm:"jbossas-4"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP");
    
      if (rpm_check(release:"RHEL4", reference:"concurrent-1.3.4-7jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jaf-1.1.0-0jpp.ep1.10.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-javamail-1.4.0-0jpp.ep1.8")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jstl-1.2.0-0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jacorb-2.3.0-1jpp.ep1.4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-common-1.2.1-0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-seam-1.2.1-1.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-seam-docs-1.2.1-1.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossas-4.2.0-3.GA_CP02.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossweb-2.0.0-3.CP05.0jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossws-jboss42-1.2.1-0jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jcommon-1.0.12-1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jfreechart-1.0.9-1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jgroups-2.4.1-1.SP4.0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"wsdl4j-1.6.2-1jpp.ep1.8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "concurrent / glassfish-jaf / glassfish-javamail / glassfish-jsf / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3456.NASL
    descriptionUpdated Tomcat5 packages that fix several security bugs are now available for Fedora Core 7. This update includes fixes to the following : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450 - CVE-2007-2449 - CVE-2007-5461 - CVE-2007-1358 All users of tomcat are advised to update to these packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28257
    published2007-11-20
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28257
    titleFedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-3456.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28257);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      script_cve_id("CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461");
      script_bugtraq_id(24475, 24476, 24524, 25316, 26070);
      script_xref(name:"FEDORA", value:"2007-3456");
    
      script_name(english:"Fedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Tomcat5 packages that fix several security bugs are now
    available for Fedora Core 7.
    
    This update includes fixes to the following :
    
      - CVE-2007-1355
    
        - CVE-2007-3386
    
        - CVE-2007-3385
    
        - CVE-2007-3382
    
        - CVE-2007-2450
    
        - CVE-2007-2449
    
        - CVE-2007-5461
    
        - CVE-2007-1358
    
    All users of tomcat are advised to update to these packages.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=244803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=244804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=244808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=244810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=247972"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=247976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=247994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=253166"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004929.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?93b8a7ae"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 79, 200);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-common-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-eclipse");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-server-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"tomcat5-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-admin-webapps-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-common-lib-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-debuginfo-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-jasper-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-server-lib-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"tomcat5-webapps-5.5.25-1jpp.1.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-8130.NASL
    description - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597 - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34227
    published2008-09-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34227
    titleFedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1453.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3382 It was discovered that single quotes (
    last seen2020-06-01
    modified2020-06-02
    plugin id29872
    published2008-01-08
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29872
    titleDebian DSA-1453-1 : tomcat5 - several vulnerabilities
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-00010.NASL
    descriptionUpdated ESX patches and VirtualCenter update 2 fix the following application vulnerabilities. a. Tomcat Server Security Update This release of ESX updates the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update This release of ESX and VirtualCenter updates the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15. Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.
    last seen2017-10-29
    modified2012-04-26
    plugin id40371
    published2009-07-27
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=40371
    titleVMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0010.NASL
    descriptionESX patches and updates for VirtualCenter fix the following application vulnerabilities. a. Tomcat Server Security Update The ESX patches and the updates for VirtualCenter update the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update The ESX patches and the updates for VirtualCenter update the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15.
    last seen2020-06-01
    modified2020-06-02
    plugin id40379
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40379
    titleVMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0042.NASL
    descriptionUpdated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461) The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342) Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43669
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43669
    titleCentOS 5 : tomcat (CESA-2008:0042)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0042.NASL
    descriptionUpdated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461) The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342) Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31448
    published2008-03-13
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31448
    titleRHEL 5 : tomcat (RHSA-2008:0042)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1467.NASL
    description---------------------------------------------------------------------- ---------- ChangeLog : - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 - Mon Aug 6 2007 Ben Konrath <bkonrath at redhat.com> 0:5.5.23-9jpp.4 - Add jasper-eclipse subpackage which is needed for eclipse 3.3. - Inject OSGi manifest into servlet api jar and jsp api jar. - Mon Jul 23 2007 Vivek Lakshmanan <vivekl at redhat.com> 0:5.5.23-9jpp.3 - Resolves: Bug 246374 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31062
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31062
    titleFedora 7 : tomcat5-5.5.26-1jpp.2.fc7 (2008-1467)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0524.NASL
    descriptionRed Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43837
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43837
    titleRHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1603.NASL
    description - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31074
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31074
    titleFedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-10 (Tomcat: Multiple vulnerabilities) The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or overwrite files (CVE-2007-5342). When the native APR connector is used, Tomcat does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests (CVE-2007-6286). If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request (CVE-2008-0002). An absolute path traversal vulnerability exists due to the way that WebDAV write requests are handled (CVE-2007-5461). Tomcat does not properly handle double quote (
    last seen2020-06-01
    modified2020-06-02
    plugin id31957
    published2008-04-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31957
    titleGLSA-200804-10 : Tomcat: Multiple vulnerabilities
  • NASL familyWeb Servers
    NASL idTOMCAT_5_5_26.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities : - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or
    last seen2020-03-18
    modified2010-07-01
    plugin id47576
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47576
    titleApache Tomcat < 5.5.26 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3474.NASL
    descriptionUpdated Tomcat5 packages that fix several security bugs are now available for Fedora Core 8. This update includes fixes to the following : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450 - CVE-2007-2449 - CVE-2007-5461 - CVE-2007-1358 All users of tomcat are advised to update to these packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28258
    published2007-11-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28258
    titleFedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_5_4.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.4. Mac OS X 10.5.4 contains security fixes for multiple components.
    last seen2020-06-01
    modified2020-06-02
    plugin id33281
    published2008-07-01
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33281
    titleMac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0630.NASL
    descriptionRed Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. During an internal security audit, it was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this flaw to obtain limited information about Satellite Server users, such as login names, associated email addresses, internal user IDs, and partial information about entitlements. (CVE-2008-2369) This release also corrects several security vulnerabilities in various components shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838, CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43840
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43840
    titleRHEL 4 : Satellite Server (RHSA-2008:0630)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0213.NASL
    descriptionNew JBoss Enterprise Application Platform (JBEAP) packages, comprising the 4.2.0.CP02 release, are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 5 contains the JBoss Application Server and JBoss Seam and serves as a replacement for JBEAP 4.2.0.GA_CP01. As well as fixing numerous bugs and adding enhancements, these updated packages addresses several security issues. The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script or HTML via several attributes of the chart area. (CVE-2007-6306) A vulnerability caused by exposing static java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static java methods. (CVE-2007-4575) The setOrder method in the org.jboss.seam.framework.Query class did not properly validate user-supplied parameters. This vulnerability allowed remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. (CVE-2007-6433) For details regarding the bug fixes and enhancements included with this update, please see the JBoss Enterprise Application Platform 4.2.0.CP02 Release Notes, linked to in the References section below. All Red Hat Enterprise Linux 5 users wanting to use the JBoss Enterprise Application Platform are advised to install these new packages.
    last seen2020-06-01
    modified2020-06-02
    plugin id63851
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63851
    titleRHEL 5 : JBoss EAP (RHSA-2008:0213)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-004.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-004 applied. This update contains security fixes for a number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id33282
    published2008-07-01
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33282
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-004)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-136.NASL
    descriptionMultiple security vulnerabilities has been identified and fixed in tomcat5 : When Tomcat
    last seen2020-06-01
    modified2020-06-02
    plugin id39485
    published2009-06-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39485
    titleMandriva Linux Security Advisory : tomcat5 (MDVSA-2009:136)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1447.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3382 It was discovered that single quotes (
    last seen2020-06-01
    modified2020-06-02
    plugin id29856
    published2008-01-07
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29856
    titleDebian DSA-1447-1 : tomcat5.5 - several vulnerabilities

Oval

accepted2013-04-29T04:18:29.628-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionAbsolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
familyunix
idoval:org.mitre.oval:def:9202
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleAbsolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
version18

Redhat

advisories
  • bugzilla
    id427216
    titleCVE-2007-5342 Apache Tomcat's default security policy is too open
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenttomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042001
          • commenttomcat5-admin-webapps is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327008
        • AND
          • commenttomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042003
          • commenttomcat5-servlet-2.4-api is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327022
        • AND
          • commenttomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042005
          • commenttomcat5-jsp-2.0-api is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327004
        • AND
          • commenttomcat5-server-lib is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042007
          • commenttomcat5-server-lib is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327020
        • AND
          • commenttomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042009
          • commenttomcat5-servlet-2.4-api-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327016
        • AND
          • commenttomcat5-webapps is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042011
          • commenttomcat5-webapps is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327006
        • AND
          • commenttomcat5 is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042013
          • commenttomcat5 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327014
        • AND
          • commenttomcat5-common-lib is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042015
          • commenttomcat5-common-lib is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327002
        • AND
          • commenttomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042017
          • commenttomcat5-jsp-2.0-api-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327012
        • AND
          • commenttomcat5-jasper is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042019
          • commenttomcat5-jasper is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327010
        • AND
          • commenttomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.3.0.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20080042021
          • commenttomcat5-jasper-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327018
    rhsa
    idRHSA-2008:0042
    released2008-03-11
    severityModerate
    titleRHSA-2008:0042: tomcat security update (Moderate)
  • rhsa
    idRHSA-2008:0195
  • rhsa
    idRHSA-2008:0261
  • rhsa
    idRHSA-2008:0630
  • rhsa
    idRHSA-2008:0862
rpms
  • tomcat5-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-admin-webapps-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-common-lib-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-debuginfo-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-jasper-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-server-lib-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.3.0.3.el5_1
  • tomcat5-webapps-0:5.5.23-0jpp.3.0.3.el5_1
  • concurrent-0:1.3.4-7jpp.ep1.6.el4
  • glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2
  • hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1
  • jacorb-0:2.3.0-1jpp.ep1.4
  • jacorb-demo-0:2.3.0-1jpp.ep1.4
  • jacorb-javadoc-0:2.3.0-1jpp.ep1.4
  • jacorb-manual-0:2.3.0-1jpp.ep1.4
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4
  • jboss-common-0:1.2.1-0jpp.ep1.2
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1
  • jboss-seam-0:1.2.1-1.ep1.3.el4
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el4
  • jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4
  • jcommon-0:1.0.12-1jpp.ep1.2.el4
  • jfreechart-0:1.0.9-1jpp.ep1.2.el4
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4
  • wsdl4j-0:1.6.2-1jpp.ep1.8
  • concurrent-0:1.3.4-7jpp.ep1.6.el4
  • concurrent-0:1.3.4-8jpp.ep1.6.el5.1
  • glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5
  • hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1
  • jacorb-0:2.3.0-1jpp.ep1.4
  • jacorb-0:2.3.0-1jpp.ep1.5.el5
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5
  • jboss-common-0:1.2.1-0jpp.ep1.2
  • jboss-common-0:1.2.1-0jpp.ep1.2.el5.1
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5
  • jboss-seam-0:1.2.1-1.ep1.3.el4
  • jboss-seam-0:1.2.1-1.ep1.3.el5
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el4
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el5
  • jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4
  • jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1
  • jcommon-0:1.0.12-1jpp.ep1.2.el4
  • jcommon-0:1.0.12-1jpp.ep1.2.el5
  • jfreechart-0:1.0.9-1jpp.ep1.2.el4
  • jfreechart-0:1.0.9-1jpp.ep1.2.el5.1
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5
  • juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • wsdl4j-0:1.6.2-1jpp.ep1.8
  • tomcat5-0:5.5.23-0jpp_11rh
  • tomcat5-common-lib-0:5.5.23-0jpp_11rh
  • tomcat5-jasper-0:5.5.23-0jpp_11rh
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_11rh
  • tomcat5-server-lib-0:5.5.23-0jpp_11rh
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_11rh
  • concurrent-0:1.3.4-8jpp.ep1.6.el5.1
  • glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5
  • hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • jacorb-0:2.3.0-1jpp.ep1.5.el5
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5
  • jboss-common-0:1.2.1-0jpp.ep1.2.el5.1
  • jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5
  • jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5
  • jboss-seam-0:1.2.1-1.ep1.3.el5
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el5
  • jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1
  • jcommon-0:1.0.12-1jpp.ep1.2.el5
  • jfreechart-0:1.0.9-1jpp.ep1.2.el5.1
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5
  • juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • ws-commons-policy-0:1.0-2jpp.ep1.4.el5
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jfreechart-0:0.9.20-3.rhn
  • mod_perl-0:2.0.2-12.el4
  • mod_perl-debuginfo-0:2.0.2-12.el4
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-html-0:5.1.1-7
  • tomcat5-0:5.0.30-0jpp_10rh
  • tomcat5-0:5.5.23-0jpp_4rh.9
  • tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9
  • tomcat5-common-lib-0:5.5.23-0jpp_4rh.9
  • tomcat5-jasper-0:5.5.23-0jpp_4rh.9
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-server-lib-0:5.5.23-0jpp_4rh.9
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9
  • tomcat5-webapps-0:5.5.23-0jpp_4rh.9
  • ant-0:1.6.5-1jpp_1rh
  • avalon-logkit-0:1.2-2jpp_4rh
  • axis-0:1.2.1-1jpp_3rh
  • classpathx-jaf-0:1.0-2jpp_6rh
  • classpathx-mail-0:1.1.1-2jpp_8rh
  • geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh
  • geronimo-specs-0:1.0-0.M4.1jpp_10rh
  • geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh
  • jakarta-commons-modeler-0:2.0-3jpp_2rh
  • log4j-0:1.2.12-1jpp_1rh
  • mx4j-1:3.0.1-1jpp_4rh
  • pcsc-lite-0:1.3.3-3.el4
  • pcsc-lite-debuginfo-0:1.3.3-3.el4
  • pcsc-lite-doc-0:1.3.3-3.el4
  • pcsc-lite-libs-0:1.3.3-3.el4
  • rhpki-ca-0:7.3.0-20.el4
  • rhpki-java-tools-0:7.3.0-10.el4
  • rhpki-kra-0:7.3.0-14.el4
  • rhpki-manage-0:7.3.0-19.el4
  • rhpki-native-tools-0:7.3.0-6.el4
  • rhpki-ocsp-0:7.3.0-13.el4
  • rhpki-tks-0:7.3.0-13.el4
  • tomcat5-0:5.5.23-0jpp_4rh.16
  • tomcat5-common-lib-0:5.5.23-0jpp_4rh.16
  • tomcat5-jasper-0:5.5.23-0jpp_4rh.16
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16
  • tomcat5-server-lib-0:5.5.23-0jpp_4rh.16
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16
  • xerces-j2-0:2.7.1-1jpp_1rh
  • xml-commons-0:1.3.02-2jpp_1rh
  • xml-commons-apis-0:1.3.02-2jpp_1rh

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 26070 CVE(CAN) ID: CVE-2007-5461 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在特定配置情况下存在漏洞,远程攻击者可能利用此漏洞非授权读写文件。 如果将Apache Tomcat的WebDAV servlet配置为同上下文使用且允许写访问的话,则远程攻击者可以通过提交指定了SYSTEM标签的WebDAV请求导致泄露任意文件的内容。 Apache Group Tomcat 6.0.0 - 6.0.14 Apache Group Tomcat 5.5.0 - 5.5.25 Apache Group Tomcat 5.0.0 - 5.0.SVN Apache Group Tomcat 4.1.0 - 4.1.SVN Apache Group Tomcat 4.0.0 - 4.0.6 Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://jakarta.apache.org/tomcat/index.html" target="_blank">http://jakarta.apache.org/tomcat/index.html</a>
idSSV:2341
last seen2017-11-19
modified2007-10-28
published2007-10-28
reporterRoot
titleApache Tomcat WebDav远程信息泄露漏洞

References