Vulnerabilities > CVE-2013-1976 - Link Following vulnerability in Redhat Enterprise Linux and Jboss Enterprise web Server

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

redhat

CWE-59

nessus

NVD

Published: 2013-07-09

Updated: 2019-04-22

Summary

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Jboss Enterprise WEB Server 1.0.2 Redhat Jboss Enterprise WEB Server 2.0.0	2
OS	Redhat Redhat Enterprise Linux 5 Redhat Enterprise Linux 6.0	2

Common Weakness Enumeration (CWE)

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Common Attack Pattern Enumeration and Classification (CAPEC)

Symlink Attack
An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
Manipulating Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130528_TOMCAT5_ON_SL5_X.NASL
description	A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Tomcat must be restarted for this update to take effect.
last seen	2020-03-18
modified	2013-05-29
plugin id	66664
published	2013-05-29
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66664
title	Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130528)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(66664); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1976"); script_name(english:"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130528)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Tomcat must be restarted for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1305&L=scientific-linux-errata&T=0&P=2291 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ddc5e362" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-admin-webapps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-common-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-server-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-webapps"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/09"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"tomcat5-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-common-lib-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-debuginfo-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-jasper-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-server-lib-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9")) flag++; if (rpm_check(release:"SL5", reference:"tomcat5-webapps-5.5.23-0jpp.40.el5_9")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2013-196.NASL
description	The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
last seen	2020-06-01
modified	2020-06-02
plugin id	69754
published	2013-09-04
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69754
title	Amazon Linux AMI : tomcat6 (ALAS-2013-196)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2013-196. # include("compat.inc"); if (description) { script_id(69754); script_version("1.5"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2013-1976"); script_xref(name:"ALAS", value:"2013-196"); script_name(english:"Amazon Linux AMI : tomcat6 (ALAS-2013-196)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2013-196.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update tomcat6' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-admin-webapps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-docs-webapp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-webapps"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"tomcat6-6.0.37-1.1.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"tomcat6-admin-webapps-6.0.37-1.1.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"tomcat6-docs-webapp-6.0.37-1.1.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"tomcat6-el-2.1-api-6.0.37-1.1.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"tomcat6-javadoc-6.0.37-1.1.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"tomcat6-jsp-2.1-api-6.0.37-1.1.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"tomcat6-lib-6.0.37-1.1.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"tomcat6-servlet-2.5-api-6.0.37-1.1.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"tomcat6-webapps-6.0.37-1.1.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130528_TOMCAT6_ON_SL6_X.NASL
description	A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the SLSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Tomcat must be restarted for this update to take effect.
last seen	2020-03-18
modified	2013-05-29
plugin id	66665
published	2013-05-29
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66665
title	Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130528)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(66665); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051"); script_name(english:"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130528)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the SLSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Tomcat must be restarted for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1305&L=scientific-linux-errata&T=0&P=2167 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bcf2c088" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"tomcat6-6.0.24-55.el6_4")) flag++; if (rpm_check(release:"SL6", reference:"tomcat6-admin-webapps-6.0.24-55.el6_4")) flag++; if (rpm_check(release:"SL6", reference:"tomcat6-docs-webapp-6.0.24-55.el6_4")) flag++; if (rpm_check(release:"SL6", reference:"tomcat6-el-2.1-api-6.0.24-55.el6_4")) flag++; if (rpm_check(release:"SL6", reference:"tomcat6-javadoc-6.0.24-55.el6_4")) flag++; if (rpm_check(release:"SL6", reference:"tomcat6-jsp-2.1-api-6.0.24-55.el6_4")) flag++; if (rpm_check(release:"SL6", reference:"tomcat6-lib-6.0.24-55.el6_4")) flag++; if (rpm_check(release:"SL6", reference:"tomcat6-servlet-2.5-api-6.0.24-55.el6_4")) flag++; if (rpm_check(release:"SL6", reference:"tomcat6-webapps-6.0.24-55.el6_4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0869.NASL
description	Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue. Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	66660
published	2013-05-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66660
title	RHEL 6 : tomcat6 (RHSA-2013:0869)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_TOMCAT6-130802.NASL
description	This update of tomcat6 fixes : - apache-tomcat-CVE-2012-3544.patch. (bnc#831119) - use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) - Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 ) bnc#804992 (patch from m407) - fix a typo in initscript. (bnc#768772) - copy all shell scripts (bnc#818948)
last seen	2020-06-05
modified	2013-08-23
plugin id	69458
published	2013-08-23
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/69458
title	SuSE 11.2 / 11.3 Security Update : tomcat6 (SAT Patch Numbers 8155 / 8156)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0871.NASL
description	Updated tomcat6 and tomcat7 packages that fix one security issue are now available for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 and tomcat7 init scripts handled the tomcat6-initd.log and tomcat7-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log and tomcat7-initd.log have been moved to the /var/log/ directory. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Users of Tomcat should upgrade to these updated packages, which resolve this issue. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	76236
published	2014-06-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/76236
title	RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0871)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0872.NASL
description	Updated tomcat5 and tomcat6 packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 and tomcat6 init scripts handled the tomcat5-initd.log and tomcat6-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat5-initd.log and tomcat6-initd.log have been moved to the /var/log/ directory. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Users of Tomcat should upgrade to these updated packages, which resolve this issue. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	66690
published	2013-05-30
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66690
title	RHEL 5 / 6 : tomcat5 and tomcat6 (RHSA-2013:0872)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-633.NASL
description	Tomcat was updated to fix security issues and bug: CVE-2013-1976: Avoid a potential symlink race during startup of the tomcat server, where a local attacker that gaine access to the tomcat chroot could escalate privileges to root. CVE-2013-2067: java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat did not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. CVE-2012-3544: Tomcat were affected by a chunked transfer encoding extension size denial of service vulnerability. Also the following bug was fixed : - Fix tomcat init scripts generating malformed classpath (http://youtrack.jetbrains.com/issue/JT-18545) bnc#804992
last seen	2020-06-05
modified	2014-06-13
plugin id	75107
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75107
title	openSUSE Security Update : tomcat (openSUSE-SU-2013:1307-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0869.NASL
description	Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue. Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	66674
published	2013-05-30
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66674
title	CentOS 6 : tomcat6 (CESA-2013:0869)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2014-042.NASL
description	Updated tomcat6 packages fix security vulnerabilities : It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service (CVE-2012-3544). A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc (CVE-2013-1571). A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root (CVE-2013-1976). It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim
last seen	2020-06-01
modified	2020-06-02
plugin id	72595
published	2014-02-20
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/72595
title	Mandriva Linux Security Advisory : tomcat6 (MDVSA-2014:042)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0869.NASL
description	From Red Hat Security Advisory 2013:0869 : Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue. Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	68827
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68827
title	Oracle Linux 6 : tomcat6 (ELSA-2013-0869)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0870.NASL
description	Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	66661
published	2013-05-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66661
title	RHEL 5 : tomcat5 (RHSA-2013:0870)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0870.NASL
description	From Red Hat Security Advisory 2013:0870 : Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	68828
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68828
title	Oracle Linux 5 : tomcat5 (ELSA-2013-0870)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0870.NASL
description	Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	66675
published	2013-05-30
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/66675
title	CentOS 5 : tomcat5 (CESA-2013:0870)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-632.NASL
description	Tomcat was updated to fix two security issues: CVE-2013-1976: Avoid a potential symlink race during startup of the tomcat server, where a local attacker that gaine access to the tomcat chroot could escalate privileges to root. CVE-2013-2071: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x did not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
last seen	2020-06-05
modified	2014-06-13
plugin id	75106
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75106
title	openSUSE Security Update : tomcat (openSUSE-SU-2013:1306-1)

Redhat

advisories

bugzilla

id	927622
title	CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870001
comment tomcat5-servlet-2.4-api is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327022

AND

comment tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870003
comment tomcat5-jsp-2.0-api is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327004

AND

comment tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870005
comment tomcat5-admin-webapps is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327008

AND

comment tomcat5-common-lib is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870007
comment tomcat5-common-lib is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327002

AND

comment tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870009
comment tomcat5-jasper-javadoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327018

AND

comment tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870011
comment tomcat5-servlet-2.4-api-javadoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327016

AND

comment tomcat5-jasper is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870013
comment tomcat5-jasper is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327010

AND

comment tomcat5-webapps is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870015
comment tomcat5-webapps is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327006

AND

comment tomcat5-server-lib is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870017
comment tomcat5-server-lib is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327020

AND
comment tomcat5 is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870019
comment tomcat5 is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327014

AND

comment tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
oval oval:com.redhat.rhsa:tst:20130870021
comment tomcat5-jsp-2.0-api-javadoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070327012

rhsa

id	RHSA-2013:0870
released	2013-05-28
severity	Important
title	RHSA-2013:0870: tomcat5 security update (Important)

rhsa
id RHSA-2013:0869
rhsa
id RHSA-2013:0871
rhsa
id RHSA-2013:0872

rpms

tomcat6-0:6.0.24-55.el6_4
tomcat6-admin-webapps-0:6.0.24-55.el6_4
tomcat6-docs-webapp-0:6.0.24-55.el6_4
tomcat6-el-2.1-api-0:6.0.24-55.el6_4
tomcat6-javadoc-0:6.0.24-55.el6_4
tomcat6-jsp-2.1-api-0:6.0.24-55.el6_4
tomcat6-lib-0:6.0.24-55.el6_4
tomcat6-servlet-2.5-api-0:6.0.24-55.el6_4
tomcat6-webapps-0:6.0.24-55.el6_4
tomcat5-0:5.5.23-0jpp.40.el5_9
tomcat5-admin-webapps-0:5.5.23-0jpp.40.el5_9
tomcat5-common-lib-0:5.5.23-0jpp.40.el5_9
tomcat5-debuginfo-0:5.5.23-0jpp.40.el5_9
tomcat5-jasper-0:5.5.23-0jpp.40.el5_9
tomcat5-jasper-javadoc-0:5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api-0:5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.40.el5_9
tomcat5-server-lib-0:5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api-0:5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.40.el5_9
tomcat5-webapps-0:5.5.23-0jpp.40.el5_9
tomcat6-0:6.0.35-12_patch_07.ep6.el5
tomcat6-0:6.0.35-33_patch_07.ep6.el6
tomcat6-admin-webapps-0:6.0.35-12_patch_07.ep6.el5
tomcat6-admin-webapps-0:6.0.35-33_patch_07.ep6.el6
tomcat6-docs-webapp-0:6.0.35-12_patch_07.ep6.el5
tomcat6-docs-webapp-0:6.0.35-33_patch_07.ep6.el6
tomcat6-el-1.0-api-0:6.0.35-12_patch_07.ep6.el5
tomcat6-el-1.0-api-0:6.0.35-33_patch_07.ep6.el6
tomcat6-javadoc-0:6.0.35-12_patch_07.ep6.el5
tomcat6-javadoc-0:6.0.35-33_patch_07.ep6.el6
tomcat6-jsp-2.1-api-0:6.0.35-12_patch_07.ep6.el5
tomcat6-jsp-2.1-api-0:6.0.35-33_patch_07.ep6.el6
tomcat6-lib-0:6.0.35-12_patch_07.ep6.el5
tomcat6-lib-0:6.0.35-33_patch_07.ep6.el6
tomcat6-log4j-0:6.0.35-12_patch_07.ep6.el5
tomcat6-log4j-0:6.0.35-33_patch_07.ep6.el6
tomcat6-servlet-2.5-api-0:6.0.35-12_patch_07.ep6.el5
tomcat6-servlet-2.5-api-0:6.0.35-33_patch_07.ep6.el6
tomcat6-webapps-0:6.0.35-12_patch_07.ep6.el5
tomcat6-webapps-0:6.0.35-33_patch_07.ep6.el6
tomcat7-0:7.0.30-5_patch_03.ep6.el5
tomcat7-0:7.0.30-7_patch_03.ep6.el6
tomcat7-admin-webapps-0:7.0.30-5_patch_03.ep6.el5
tomcat7-admin-webapps-0:7.0.30-7_patch_03.ep6.el6
tomcat7-docs-webapp-0:7.0.30-5_patch_03.ep6.el5
tomcat7-docs-webapp-0:7.0.30-7_patch_03.ep6.el6
tomcat7-el-1.0-api-0:7.0.30-5_patch_03.ep6.el5
tomcat7-el-1.0-api-0:7.0.30-7_patch_03.ep6.el6
tomcat7-javadoc-0:7.0.30-5_patch_03.ep6.el5
tomcat7-javadoc-0:7.0.30-7_patch_03.ep6.el6
tomcat7-jsp-2.2-api-0:7.0.30-5_patch_03.ep6.el5
tomcat7-jsp-2.2-api-0:7.0.30-7_patch_03.ep6.el6
tomcat7-lib-0:7.0.30-5_patch_03.ep6.el5
tomcat7-lib-0:7.0.30-7_patch_03.ep6.el6
tomcat7-log4j-0:7.0.30-5_patch_03.ep6.el5
tomcat7-log4j-0:7.0.30-7_patch_03.ep6.el6
tomcat7-servlet-3.0-api-0:7.0.30-5_patch_03.ep6.el5
tomcat7-servlet-3.0-api-0:7.0.30-7_patch_03.ep6.el6
tomcat7-webapps-0:7.0.30-5_patch_03.ep6.el5
tomcat7-webapps-0:7.0.30-7_patch_03.ep6.el6
tomcat5-0:5.5.33-33_patch_09.ep5.el5
tomcat5-0:5.5.33-36_patch_09.ep5.el6
tomcat5-admin-webapps-0:5.5.33-33_patch_09.ep5.el5
tomcat5-admin-webapps-0:5.5.33-36_patch_09.ep5.el6
tomcat5-common-lib-0:5.5.33-33_patch_09.ep5.el5
tomcat5-common-lib-0:5.5.33-36_patch_09.ep5.el6
tomcat5-jasper-0:5.5.33-33_patch_09.ep5.el5
tomcat5-jasper-0:5.5.33-36_patch_09.ep5.el6
tomcat5-jasper-eclipse-0:5.5.33-33_patch_09.ep5.el5
tomcat5-jasper-eclipse-0:5.5.33-36_patch_09.ep5.el6
tomcat5-jasper-javadoc-0:5.5.33-33_patch_09.ep5.el5
tomcat5-jasper-javadoc-0:5.5.33-36_patch_09.ep5.el6
tomcat5-jsp-2.0-api-0:5.5.33-33_patch_09.ep5.el5
tomcat5-jsp-2.0-api-0:5.5.33-36_patch_09.ep5.el6
tomcat5-jsp-2.0-api-javadoc-0:5.5.33-33_patch_09.ep5.el5
tomcat5-jsp-2.0-api-javadoc-0:5.5.33-36_patch_09.ep5.el6
tomcat5-parent-0:5.5.33-33_patch_09.ep5.el5
tomcat5-parent-0:5.5.33-36_patch_09.ep5.el6
tomcat5-server-lib-0:5.5.33-33_patch_09.ep5.el5
tomcat5-server-lib-0:5.5.33-36_patch_09.ep5.el6
tomcat5-servlet-2.4-api-0:5.5.33-33_patch_09.ep5.el5
tomcat5-servlet-2.4-api-0:5.5.33-36_patch_09.ep5.el6
tomcat5-servlet-2.4-api-javadoc-0:5.5.33-33_patch_09.ep5.el5
tomcat5-servlet-2.4-api-javadoc-0:5.5.33-36_patch_09.ep5.el6
tomcat5-webapps-0:5.5.33-33_patch_09.ep5.el5
tomcat5-webapps-0:5.5.33-36_patch_09.ep5.el6
tomcat6-0:6.0.32-32_patch_09.ep5.el5
tomcat6-0:6.0.32-35_patch_09.ep5.el6
tomcat6-admin-webapps-0:6.0.32-32_patch_09.ep5.el5
tomcat6-admin-webapps-0:6.0.32-35_patch_09.ep5.el6
tomcat6-docs-webapp-0:6.0.32-32_patch_09.ep5.el5
tomcat6-docs-webapp-0:6.0.32-35_patch_09.ep5.el6
tomcat6-el-1.0-api-0:6.0.32-32_patch_09.ep5.el5
tomcat6-el-1.0-api-0:6.0.32-35_patch_09.ep5.el6
tomcat6-javadoc-0:6.0.32-32_patch_09.ep5.el5
tomcat6-javadoc-0:6.0.32-35_patch_09.ep5.el6
tomcat6-jsp-2.1-api-0:6.0.32-32_patch_09.ep5.el5
tomcat6-jsp-2.1-api-0:6.0.32-35_patch_09.ep5.el6
tomcat6-lib-0:6.0.32-32_patch_09.ep5.el5
tomcat6-lib-0:6.0.32-35_patch_09.ep5.el6
tomcat6-log4j-0:6.0.32-32_patch_09.ep5.el5
tomcat6-log4j-0:6.0.32-35_patch_09.ep5.el6
tomcat6-servlet-2.5-api-0:6.0.32-32_patch_09.ep5.el5
tomcat6-servlet-2.5-api-0:6.0.32-35_patch_09.ep5.el6
tomcat6-webapps-0:6.0.32-32_patch_09.ep5.el5
tomcat6-webapps-0:6.0.32-35_patch_09.ep5.el6

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 60186 CVE(CAN) ID: CVE-2013-1976 Apache Tomcat是一个流行的开源JSP应用服务器程序。 Apache Tomcat服务中init脚本在管理Tomcat日志文件时存在漏洞，本地攻击者可利用此漏洞造成拒绝服务，或者通过对Tomcat日志文件的符号链接攻击，以特权系统用户权限执行任意代码。 0 Apache Group Tomcat 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://jakarta.apache.org/tomcat/index.html
id	SSV:60813
last seen	2017-11-19
modified	2013-05-30
published	2013-05-30
reporter	Root
title	Apache Tomcat 不安全临时文件处理漏洞(CVE-2013-1976)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

Seebug

References