Vulnerabilities > CVE-2008-0002 - Remote Information Disclosure vulnerability in Apache Tomcat Parameter Processing

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
apache
nessus

Summary

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Nessus

  • NASL familyWeb Servers
    NASL idTOMCAT_6_0_16.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.16. It is, therefore, affected by multiple vulnerabilities : - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous fix for CVE-2007-3385 was incomplete and did not account for the use of quotes or
    last seen2020-03-18
    modified2010-07-01
    plugin id47577
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47577
    titleApache Tomcat < 6.0.16 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47577);
      script_version("1.21");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");
    
      script_cve_id(
        "CVE-2007-5333",
        "CVE-2007-5342",
        "CVE-2007-5461",
        "CVE-2007-6286",
        "CVE-2008-0002"
      );
      script_bugtraq_id(26070, 27006, 27706, 49470);
      script_xref(name:"Secunia", value:"27398");
      script_xref(name:"Secunia", value:"28274");
      script_xref(name:"Secunia", value:"28834");
      script_xref(name:"Secunia", value:"28878");
    
      script_name(english:"Apache Tomcat < 6.0.16 Multiple Vulnerabilities");
      script_summary(english:"Checks the Apache Tomcat version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Apache Tomcat server is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the instance of Apache
    Tomcat listening on the remote host is prior to 6.0.16. It is,
    therefore, affected by multiple vulnerabilities :
    
      - The remote Apache Tomcat install may be vulnerable to an
        information disclosure attack via cookies. The previous
        fix for CVE-2007-3385 was incomplete and did not account
        for the use of quotes or '%5C' in cookie values.
        (CVE-2007-3385, CVE-2007-5333)
    
      - The default security policy in the JULI logging
        component did not restrict access permissions to files.
        This could be misused by untrusted web applications to
        access and write arbitrary files in the context of the
        Tomcat process. (CVE-2007-5342)
    
      - A directory traversal vulnerability existed in the
        Apache Tomcat webdav servlet. In some configurations
        it allowed remote, authenticated users to read files
        accessible to the local tomcat process. (CVE-2007-5461)
    
      - When the native APR connector is used, it does not
        properly handle an empty request to the SSL port, which
        allows remote attackers to trigger handling of a
        duplicate copy of one of the recent requests, as
        demonstrated by using netcat to send the empty request.
        (CVE-2007-6286)
    
      - If the processing or parameters is interrupted, i.e. by
        an exception, then it is possible for the parameters to
        be processed as part of later request. (CVE-2008-0002)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.16");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apache Tomcat version 6.0.16 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-5333");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 200, 264);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
      script_set_attribute(attribute:"agent", value:"all");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
      script_require_keys("installed_sw/Apache Tomcat");
    
      exit(0);
    }
    
    include("tomcat_version.inc");
    
    tomcat_check_version(fixed:"6.0.16", min:"6.0.0", severity:SECURITY_WARNING, granularity_regex:"^6(\.0)?$");
    
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_WEBSPHERE-AS_CE-5850.NASL
    descriptionWebsphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)
    last seen2020-06-01
    modified2020-06-02
    plugin id41596
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41596
    titleSuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41596);
      script_version ("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2007-0184", "CVE-2007-0185", "CVE-2007-2377", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5613", "CVE-2007-5615", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938");
    
      script_name(english:"SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Websphere has been updated to version 2.1.0.1 to fix several security
    vulnerabilities in the included subprojects, such as Apache Geronimo
    and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 /
    CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 /
    CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 /
    CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 /
    CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0184.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0185.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2377.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2449.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-2450.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3382.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3385.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-3386.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5333.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5342.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5461.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5613.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5615.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-6286.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-0002.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1947.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2370.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2938.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5850.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(22, 79, 94, 200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:2, reference:"websphere-as_ce-2.1.0.1-3.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-007.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products : - Apache - Certificates - ClamAV - ColorSync - CUPS - Finder - launchd - libxslt - MySQL Server - Networking - PHP - Postfix - PSNormalizer - QuickLook - rlogin - Script Editor - Single Sign-On - Tomcat - vim - Weblog
    last seen2020-06-01
    modified2020-06-02
    plugin id34374
    published2008-10-10
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34374
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-007)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34374);
      script_version("1.31");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2007-2691",
        "CVE-2007-4850",
        "CVE-2007-5333",
        "CVE-2007-5342",
        "CVE-2007-5461",
        "CVE-2007-5969",
        "CVE-2007-6286",
        "CVE-2007-6420",
        "CVE-2008-0002",
        "CVE-2008-0226",
        "CVE-2008-0227",
        "CVE-2008-0674",
        "CVE-2008-1232",
        "CVE-2008-1389",
        "CVE-2008-1678",
        "CVE-2008-1767",
        "CVE-2008-1947",
        "CVE-2008-2079",
        "CVE-2008-2364",
        "CVE-2008-2370",
        "CVE-2008-2371",
        "CVE-2008-2712",
        "CVE-2008-2938",
        "CVE-2008-3294",
        "CVE-2008-3432",
        "CVE-2008-3641",
        "CVE-2008-3642",
        "CVE-2008-3643",
        "CVE-2008-3645",
        "CVE-2008-3646",
        "CVE-2008-3647",
        "CVE-2008-3912",
        "CVE-2008-3913",
        "CVE-2008-3914",
        "CVE-2008-4101",
        "CVE-2008-4211",
        "CVE-2008-4212",
        "CVE-2008-4214",
        "CVE-2008-4215"
      );
      script_bugtraq_id(
        24016,
        26070,
        26765,
        27006,
        27140,
        27236,
        27413,
        27703,
        27706,
        27786,
        29106,
        29312,
        29502,
        29653,
        29715,
        30087,
        30279,
        30494,
        30496,
        30633,
        30795,
        30994,
        31051,
        31681,
        31692,
        31707,
        31708,
        31711,
        31715,
        31716,
        31718,
        31719,
        31720,
        31721,
        31722
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-007)");
      script_summary(english:"Check for the presence of Security Update 2008-007");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have the security update 2008-007 applied. 
    
    This security update contains fixes for the following products :
    
      - Apache
      - Certificates
      - ClamAV
      - ColorSync
      - CUPS
      - Finder
      - launchd
      - libxslt
      - MySQL Server
      - Networking
      - PHP
      - Postfix
      - PSNormalizer
      - QuickLook
      - rlogin
      - Script Editor
      - Single Sign-On
      - Tomcat
      - vim
      - Weblog" );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3216" );
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" );
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2008-007 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL SSL Hello Message Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 352, 362, 399);
    script_set_attribute(attribute:"plugin_publication_date", value: "2008/10/10");
      script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/15");
      script_set_attribute(attribute:"patch_publication_date", value: "2008/10/09");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0);
    
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[78]|2009-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-5]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.007\.bom", string:packages))
        security_hole(0);
    }
    
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0151.NASL
    descriptionUpdated JBoss Enterprise Application Platform (JBEAP) packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform (JBEAP) is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 4 contains the JBoss Application Server and JBoss Seam. This release serves as a replacement to JBEAP 4.2.0.GA. It fixes several security issues : The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script, or HTML, via several attributes of the chart area. (CVE-2007-6306) A vulnerability caused by exposing static Java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static Java methods. (CVE-2007-4575) The setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This vulnerability allowed remote attackers to inject, and execute, arbitrary Enterprise JavaBeans Query Language (EJB QL) commands via the order parameter. (CVE-2007-6433) These updated packages include bug fixes and enhancements which are not listed here. For a full list, please refer to the JBEAP 4.2.0CP02 release notes: http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html Warning: before applying this update, please backup the JBEAP
    last seen2020-06-01
    modified2020-06-02
    plugin id63848
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63848
    titleRHEL 4 : JBoss EAP (RHSA-2008:0151)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0151. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63848);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-4575", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6433", "CVE-2008-0002");
      script_bugtraq_id(26703, 26752);
      script_xref(name:"RHSA", value:"2008:0151");
    
      script_name(english:"RHEL 4 : JBoss EAP (RHSA-2008:0151)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated JBoss Enterprise Application Platform (JBEAP) packages that
    fix several security issues are now available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    JBoss Enterprise Application Platform (JBEAP) is a middleware platform
    for Java 2 Platform, Enterprise Edition (J2EE) applications.
    
    This release of JBEAP for Red Hat Enterprise Linux 4 contains the
    JBoss Application Server and JBoss Seam. This release serves as a
    replacement to JBEAP 4.2.0.GA. It fixes several security issues :
    
    The JFreeChart component was vulnerable to multiple cross-site
    scripting (XSS) vulnerabilities. An attacker could misuse the image
    map feature to inject arbitrary web script, or HTML, via several
    attributes of the chart area. (CVE-2007-6306)
    
    A vulnerability caused by exposing static Java methods was located
    within the HSQLDB component. This could be utilized by an attacker to
    execute arbitrary static Java methods. (CVE-2007-4575)
    
    The setOrder method in the org.jboss.seam.framework.Query class did
    not correctly validate user-supplied parameters. This vulnerability
    allowed remote attackers to inject, and execute, arbitrary Enterprise
    JavaBeans Query Language (EJB QL) commands via the order parameter.
    (CVE-2007-6433)
    
    These updated packages include bug fixes and enhancements which are
    not listed here. For a full list, please refer to the JBEAP 4.2.0CP02
    release notes:
    http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html
    
    Warning: before applying this update, please backup the JBEAP
    'server/[configuration]/deploy/' directory, and any other customized
    configuration files.
    
    All users of JBEAP on Red Hat Enterprise Linux 4 are advised to
    upgrade to these updated packages, which resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0002"
      );
      # http://redhat.com/docs/manuals/jboss/jboss-eap-4.2.0.cp02/readme.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/documentation/en-us/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0151"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 22, 79, 94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:concurrent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jaf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-javamail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jstl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-annotations-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-entitymanager-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate3-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hsqldb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jacorb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-aop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-cache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-remoting");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-seam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-seam-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-jboss42");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossws-wsconsume-impl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossxb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jcommon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jfreechart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jgroups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-eap-docs-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wsdl4j");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0151";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL4", rpm:"jbossas-4"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP");
    
      if (rpm_check(release:"RHEL4", reference:"concurrent-1.3.4-7jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jaf-1.1.0-0jpp.ep1.10.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-javamail-1.4.0-0jpp.ep1.8")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jsf-1.2_04-1.p02.0jpp.ep1.18")) flag++;
      if (rpm_check(release:"RHEL4", reference:"glassfish-jstl-1.2.0-0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-annotations-3.2.1-1.patch02.1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-annotations-javadoc-3.2.1-1.patch02.1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-entitymanager-3.2.1-1jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.6.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hibernate3-javadoc-3.2.4-1.SP1_CP02.0jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jacorb-2.3.0-1jpp.ep1.4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-aop-1.5.5-1.CP01.0jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-cache-1.4.1-4.SP8_CP01.1jpp.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-common-1.2.1-0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-remoting-2.2.2-3.SP4.0jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-seam-1.2.1-1.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jboss-seam-docs-1.2.1-1.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossas-4.2.0-3.GA_CP02.ep1.3.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossweb-2.0.0-3.CP05.0jpp.ep1.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossws-jboss42-1.2.1-0jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossws-wsconsume-impl-2.0.0-0jpp.ep1.3")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jbossxb-1.0.0-2.SP1.0jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jcommon-1.0.12-1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jfreechart-1.0.9-1jpp.ep1.2.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"jgroups-2.4.1-1.SP4.0jpp.ep1.2")) flag++;
      if (rpm_check(release:"RHEL4", reference:"rh-eap-docs-4.2.0-3.GA_CP02.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"rh-eap-docs-examples-4.2.0-3.GA_CP02.ep1.1.el4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"wsdl4j-1.6.2-1jpp.ep1.8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "concurrent / glassfish-jaf / glassfish-javamail / glassfish-jsf / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1467.NASL
    description---------------------------------------------------------------------- ---------- ChangeLog : - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 - Mon Aug 6 2007 Ben Konrath <bkonrath at redhat.com> 0:5.5.23-9jpp.4 - Add jasper-eclipse subpackage which is needed for eclipse 3.3. - Inject OSGi manifest into servlet api jar and jsp api jar. - Mon Jul 23 2007 Vivek Lakshmanan <vivekl at redhat.com> 0:5.5.23-9jpp.3 - Resolves: Bug 246374 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31062
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31062
    titleFedora 7 : tomcat5-5.5.26-1jpp.2.fc7 (2008-1467)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1603.NASL
    description - Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1 - Update to new upstream version, which also fixes the following : - CVE-2007-5342 - CVE-2007-5333 - CVE-2007-5461 - CVE-2007-6286 - Removed patch20, now in upstream. - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2 - Fix for bz #153187 - Fix init script for bz #380921 - Fix tomcat5.conf and spec file for bz #253605 - Fix for bz #426850 - Fix for bz #312561 - Fix init script, per bz #247077 - Fix builds on alpha, per bz #253827 - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1 - Updated to 5.5.25, to fix the following issues : - CVE-2007-1355 - CVE-2007-3386 - CVE-2007-3385 - CVE-2007-3382 - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081 - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081 - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461 - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31074
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31074
    titleFedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-10 (Tomcat: Multiple vulnerabilities) The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or overwrite files (CVE-2007-5342). When the native APR connector is used, Tomcat does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests (CVE-2007-6286). If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request (CVE-2008-0002). An absolute path traversal vulnerability exists due to the way that WebDAV write requests are handled (CVE-2007-5461). Tomcat does not properly handle double quote (
    last seen2020-06-01
    modified2020-06-02
    plugin id31957
    published2008-04-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31957
    titleGLSA-200804-10 : Tomcat: Multiple vulnerabilities
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0213.NASL
    descriptionNew JBoss Enterprise Application Platform (JBEAP) packages, comprising the 4.2.0.CP02 release, are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBEAP is a middleware platform for Java 2 Platform, Enterprise Edition (J2EE) applications. This release of JBEAP for Red Hat Enterprise Linux 5 contains the JBoss Application Server and JBoss Seam and serves as a replacement for JBEAP 4.2.0.GA_CP01. As well as fixing numerous bugs and adding enhancements, these updated packages addresses several security issues. The JFreeChart component was vulnerable to multiple cross-site scripting (XSS) vulnerabilities. An attacker could misuse the image map feature to inject arbitrary web script or HTML via several attributes of the chart area. (CVE-2007-6306) A vulnerability caused by exposing static java methods was located within the HSQLDB component. This could be utilized by an attacker to execute arbitrary static java methods. (CVE-2007-4575) The setOrder method in the org.jboss.seam.framework.Query class did not properly validate user-supplied parameters. This vulnerability allowed remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. (CVE-2007-6433) For details regarding the bug fixes and enhancements included with this update, please see the JBoss Enterprise Application Platform 4.2.0.CP02 Release Notes, linked to in the References section below. All Red Hat Enterprise Linux 5 users wanting to use the JBoss Enterprise Application Platform are advised to install these new packages.
    last seen2020-06-01
    modified2020-06-02
    plugin id63851
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63851
    titleRHEL 5 : JBoss EAP (RHSA-2008:0213)

Redhat

rpms
  • concurrent-0:1.3.4-7jpp.ep1.6.el4
  • glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2
  • hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1
  • jacorb-0:2.3.0-1jpp.ep1.4
  • jacorb-demo-0:2.3.0-1jpp.ep1.4
  • jacorb-javadoc-0:2.3.0-1jpp.ep1.4
  • jacorb-manual-0:2.3.0-1jpp.ep1.4
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4
  • jboss-common-0:1.2.1-0jpp.ep1.2
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1
  • jboss-seam-0:1.2.1-1.ep1.3.el4
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el4
  • jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4
  • jcommon-0:1.0.12-1jpp.ep1.2.el4
  • jfreechart-0:1.0.9-1jpp.ep1.2.el4
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4
  • wsdl4j-0:1.6.2-1jpp.ep1.8
  • concurrent-0:1.3.4-7jpp.ep1.6.el4
  • concurrent-0:1.3.4-8jpp.ep1.6.el5.1
  • glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5
  • hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el4
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el4
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-javadoc-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4
  • hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1
  • jacorb-0:2.3.0-1jpp.ep1.4
  • jacorb-0:2.3.0-1jpp.ep1.5.el5
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5
  • jboss-common-0:1.2.1-0jpp.ep1.2
  • jboss-common-0:1.2.1-0jpp.ep1.2.el5.1
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5
  • jboss-seam-0:1.2.1-1.ep1.3.el4
  • jboss-seam-0:1.2.1-1.ep1.3.el5
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el4
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el5
  • jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4
  • jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1
  • jcommon-0:1.0.12-1jpp.ep1.2.el4
  • jcommon-0:1.0.12-1jpp.ep1.2.el5
  • jfreechart-0:1.0.9-1jpp.ep1.2.el4
  • jfreechart-0:1.0.9-1jpp.ep1.2.el5.1
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5
  • juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el4
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • wsdl4j-0:1.6.2-1jpp.ep1.8
  • concurrent-0:1.3.4-8jpp.ep1.6.el5.1
  • glassfish-jaf-0:1.1.0-0jpp.ep1.9.el5
  • glassfish-javamail-0:1.4.0-0jpp.ep1.8.el5
  • glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18.el5
  • glassfish-jstl-0:1.2.0-0jpp.ep1.2.el5
  • hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-annotations-javadoc-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1
  • hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-entitymanager-javadoc-0:3.2.1-1jpp.ep1.6.el5
  • hibernate3-javadoc-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1
  • jacorb-0:2.3.0-1jpp.ep1.5.el5
  • jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5
  • jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5
  • jboss-common-0:1.2.1-0jpp.ep1.2.el5.1
  • jboss-jbpm-bpel-0:1.1.0-0jpp.ep1.3.el5
  • jboss-jbpm-jpdl-0:3.2.0-0jpp.ep1.6.el5
  • jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5
  • jboss-seam-0:1.2.1-1.ep1.3.el5
  • jboss-seam-docs-0:1.2.1-1.ep1.3.el5
  • jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3
  • jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5
  • jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el5.1
  • jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3.el5
  • jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1
  • jcommon-0:1.0.12-1jpp.ep1.2.el5
  • jfreechart-0:1.0.9-1jpp.ep1.2.el5.1
  • jgroups-1:2.4.1-1.SP4.0jpp.ep1.2.el5
  • juddi-0:0.9-0.rc4.2jpp.ep1.3.el5.1
  • rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • rh-eap-docs-examples-0:4.2.0-3.GA_CP02.ep1.1.el5.1
  • ws-commons-policy-0:1.0-2jpp.ep1.4.el5