Vulnerabilities > CVE-2007-6286 - Unspecified vulnerability in Apache Tomcat
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
Vulnerable Configurations
Nessus
NASL family Web Servers NASL id TOMCAT_6_0_16.NASL description According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.16. It is, therefore, affected by multiple vulnerabilities : - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or last seen 2020-03-18 modified 2010-07-01 plugin id 47577 published 2010-07-01 reporter This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47577 title Apache Tomcat < 6.0.16 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(47577); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11"); script_cve_id( "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002" ); script_bugtraq_id(26070, 27006, 27706, 49470); script_xref(name:"Secunia", value:"27398"); script_xref(name:"Secunia", value:"28274"); script_xref(name:"Secunia", value:"28834"); script_xref(name:"Secunia", value:"28878"); script_name(english:"Apache Tomcat < 6.0.16 Multiple Vulnerabilities"); script_summary(english:"Checks the Apache Tomcat version."); script_set_attribute(attribute:"synopsis", value: "The remote Apache Tomcat server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.16. It is, therefore, affected by multiple vulnerabilities : - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or '%5C' in cookie values. (CVE-2007-3385, CVE-2007-5333) - The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the Tomcat process. (CVE-2007-5342) - A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote, authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461) - When the native APR connector is used, it does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests, as demonstrated by using netcat to send the empty request. (CVE-2007-6286) - If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request. (CVE-2008-0002) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.16"); script_set_attribute(attribute:"solution", value:"Upgrade to Apache Tomcat version 6.0.16 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-5333"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 200, 264); script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/14"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin"); script_require_keys("installed_sw/Apache Tomcat"); exit(0); } include("tomcat_version.inc"); tomcat_check_version(fixed:"6.0.16", min:"6.0.0", severity:SECURITY_WARNING, granularity_regex:"^6(\.0)?$");NASL family SuSE Local Security Checks NASL id SUSE_WEBSPHERE-AS_CE-5850.NASL description Websphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938) last seen 2020-06-01 modified 2020-06-02 plugin id 41596 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41596 title SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(41596); script_version ("1.15"); script_cvs_date("Date: 2019/10/25 13:36:33"); script_cve_id("CVE-2007-0184", "CVE-2007-0185", "CVE-2007-2377", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5613", "CVE-2007-5615", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"); script_name(english:"SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Websphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-0184.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-0185.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-2377.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-2449.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-2450.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3382.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3385.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-3386.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5333.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5342.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5461.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5613.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5615.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-6286.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-0002.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1232.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1947.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2370.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2938.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5850."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(22, 79, 94, 200, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:2, reference:"websphere-as_ce-2.1.0.1-3.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-007.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog last seen 2020-06-01 modified 2020-06-02 plugin id 34374 published 2008-10-10 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34374 title Mac OS X Multiple Vulnerabilities (Security Update 2008-007) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if (description) { script_id(34374); script_version("1.31"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2007-2691", "CVE-2007-4850", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5969", "CVE-2007-6286", "CVE-2007-6420", "CVE-2008-0002", "CVE-2008-0226", "CVE-2008-0227", "CVE-2008-0674", "CVE-2008-1232", "CVE-2008-1389", "CVE-2008-1678", "CVE-2008-1767", "CVE-2008-1947", "CVE-2008-2079", "CVE-2008-2364", "CVE-2008-2370", "CVE-2008-2371", "CVE-2008-2712", "CVE-2008-2938", "CVE-2008-3294", "CVE-2008-3432", "CVE-2008-3641", "CVE-2008-3642", "CVE-2008-3643", "CVE-2008-3645", "CVE-2008-3646", "CVE-2008-3647", "CVE-2008-3912", "CVE-2008-3913", "CVE-2008-3914", "CVE-2008-4101", "CVE-2008-4211", "CVE-2008-4212", "CVE-2008-4214", "CVE-2008-4215" ); script_bugtraq_id( 24016, 26070, 26765, 27006, 27140, 27236, 27413, 27703, 27706, 27786, 29106, 29312, 29502, 29653, 29715, 30087, 30279, 30494, 30496, 30633, 30795, 30994, 31051, 31681, 31692, 31707, 31708, 31711, 31715, 31716, 31718, 31719, 31720, 31721, 31722 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-007)"); script_summary(english:"Check for the presence of Security Update 2008-007"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog" ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3216" ); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" ); script_set_attribute(attribute:"solution", value: "Install Security Update 2008-007 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL SSL Hello Message Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 352, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/10/10"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/15"); script_set_attribute(attribute:"patch_publication_date", value: "2008/10/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(0); if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(0); if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[78]|2009-|20[1-9][0-9]-)", string:packages)) security_hole(0); } else if (egrep(pattern:"Darwin.* (9\.[0-5]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(0); if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.007\.bom", string:packages)) security_hole(0); }NASL family Fedora Local Security Checks NASL id FEDORA_2008-8130.NASL description - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com> 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934 Resolves: rhbz#446393 Resolves: rhbz#457597 - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34227 published 2008-09-17 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34227 title Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-00010.NASL description Updated ESX patches and VirtualCenter update 2 fix the following application vulnerabilities. a. Tomcat Server Security Update This release of ESX updates the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update This release of ESX and VirtualCenter updates the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15. Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. last seen 2017-10-29 modified 2012-04-26 plugin id 40371 published 2009-07-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=40371 title VMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0010.NASL description ESX patches and updates for VirtualCenter fix the following application vulnerabilities. a. Tomcat Server Security Update The ESX patches and the updates for VirtualCenter update the Tomcat Server package to version 5.5.26, which addresses multiple security issues that existed in earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 to the security issues fixed in Tomcat 5.5.26. b. JRE Security Update The ESX patches and the updates for VirtualCenter update the JRE package to version 1.5.0_15, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-0657, CVE-2007-5689, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5274 to the security issues fixed in JRE 1.5.0_12, JRE 1.5.0_13, JRE 1.5.0_14, JRE 1.5.0_15. last seen 2020-06-01 modified 2020-06-02 plugin id 40379 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40379 title VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter NASL family Fedora Local Security Checks NASL id FEDORA_2008-1467.NASL description ---------------------------------------------------------------------- ---------- ChangeLog : - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 - Mon Aug 6 2007 Ben Konrath <bkonrath at redhat.com> 0:5.5.23-9jpp.4 - Add jasper-eclipse subpackage which is needed for eclipse 3.3. - Inject OSGi manifest into servlet api jar and jsp api jar. - Mon Jul 23 2007 Vivek Lakshmanan <vivekl at redhat.com> 0:5.5.23-9jpp.3 - Resolves: Bug 246374 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31062 published 2008-02-14 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31062 title Fedora 7 : tomcat5-5.5.26-1jpp.2.fc7 (2008-1467) NASL family Fedora Local Security Checks NASL id FEDORA_2008-1603.NASL description - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31074 published 2008-02-14 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31074 title Fedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0016.NASL description a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 42870 published 2009-11-23 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42870 title VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200804-10.NASL description The remote host is affected by the vulnerability described in GLSA-200804-10 (Tomcat: Multiple vulnerabilities) The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or overwrite files (CVE-2007-5342). When the native APR connector is used, Tomcat does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests (CVE-2007-6286). If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request (CVE-2008-0002). An absolute path traversal vulnerability exists due to the way that WebDAV write requests are handled (CVE-2007-5461). Tomcat does not properly handle double quote ( last seen 2020-06-01 modified 2020-06-02 plugin id 31957 published 2008-04-17 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31957 title GLSA-200804-10 : Tomcat: Multiple vulnerabilities NASL family Web Servers NASL id TOMCAT_5_5_26.NASL description According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities : - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or last seen 2020-03-18 modified 2010-07-01 plugin id 47576 published 2010-07-01 reporter This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47576 title Apache Tomcat < 5.5.26 Multiple Vulnerabilities NASL family Misc. NASL id VMWARE_VMSA-2009-0016_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start last seen 2020-06-01 modified 2020-06-02 plugin id 89117 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89117 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-136.NASL description Multiple security vulnerabilities has been identified and fixed in tomcat5 : When Tomcat last seen 2020-06-01 modified 2020-06-02 plugin id 39485 published 2009-06-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39485 title Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:136)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 49470 CVE ID: CVE-2007-6286 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat 5.5.11-5.5.25、6.0.0-6.0.15在使用了本地APR连接器后,没有正确处理到SSL端口的空请求,可允许远程攻击者触发处理最近一个服务器请求副本。 0 Apache Group Tomcat 6.x Apache Group Tomcat 5.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://jakarta.apache.org/tomcat/index.html |
| id | SSV:60407 |
| last seen | 2017-11-19 |
| modified | 2012-09-27 |
| published | 2012-09-27 |
| reporter | Root |
| title | Apache Tomcat重复请求处理安全漏洞(CVE-2007-6286) |
Statements
| contributor | Joshua Bressers |
| lastmodified | 2008-04-17 |
| organization | Red Hat |
| statement | Not Vulnerable. Red Hat does not ship a version of Apache Tomcat that enables the native APR connector. |
References
- http://tomcat.apache.org/security-5.html
- http://tomcat.apache.org/security-6.html
- http://secunia.com/advisories/28878
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
- http://secunia.com/advisories/28915
- http://security.gentoo.org/glsa/glsa-200804-10.xml
- http://secunia.com/advisories/29711
- http://securityreason.com/securityalert/3637
- http://www.vmware.com/security/advisories/VMSA-2008-0010.html
- http://secunia.com/advisories/30676
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://www.securityfocus.com/bid/31681
- http://secunia.com/advisories/32222
- http://support.apple.com/kb/HT3216
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
- http://secunia.com/advisories/37460
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/3316
- http://www.vupen.com/english/advisories/2008/0488
- http://www.vupen.com/english/advisories/2008/1856/references
- http://www.vupen.com/english/advisories/2008/2780
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/57126
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/archive/1/487823/100/0/threaded
- https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E