Vulnerabilities > CVE-2013-1976 - Link Following vulnerability in Redhat Enterprise Linux and Jboss Enterprise web Server

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
redhat
CWE-59
nessus

Summary

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Symlink Attack
    An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130528_TOMCAT5_ON_SL5_X.NASL
    descriptionA flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Tomcat must be restarted for this update to take effect.
    last seen2020-03-18
    modified2013-05-29
    plugin id66664
    published2013-05-29
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66664
    titleScientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130528)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66664);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-1976");
    
      script_name(english:"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130528)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was found in the way the tomcat5 init script handled the
    catalina.out log file. A malicious web application deployed on Tomcat
    could use this flaw to perform a symbolic link attack to change the
    ownership of an arbitrary system file to that of the tomcat user,
    allowing them to escalate their privileges to root. (CVE-2013-1976)
    
    Note: With this update, /var/log/tomcat5/catalina.out has been moved
    to the /var/log/tomcat5-initd.log file.
    
    Tomcat must be restarted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1305&L=scientific-linux-errata&T=0&P=2291
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ddc5e362"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-common-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-server-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat5-webapps");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"tomcat5-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-common-lib-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-debuginfo-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-jasper-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-server-lib-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9")) flag++;
    if (rpm_check(release:"SL5", reference:"tomcat5-webapps-5.5.23-0jpp.40.el5_9")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-196.NASL
    descriptionThe (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
    last seen2020-06-01
    modified2020-06-02
    plugin id69754
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69754
    titleAmazon Linux AMI : tomcat6 (ALAS-2013-196)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2013-196.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69754);
      script_version("1.5");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2013-1976");
      script_xref(name:"ALAS", value:"2013-196");
    
      script_name(english:"Amazon Linux AMI : tomcat6 (ALAS-2013-196)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in
    the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2
    and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to
    change the ownership of arbitrary files via a symlink attack on (a)
    tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d)
    tomcat7-initd.log."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2013-196.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update tomcat6' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat6-webapps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"tomcat6-6.0.37-1.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"tomcat6-admin-webapps-6.0.37-1.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"tomcat6-docs-webapp-6.0.37-1.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"tomcat6-el-2.1-api-6.0.37-1.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"tomcat6-javadoc-6.0.37-1.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"tomcat6-jsp-2.1-api-6.0.37-1.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"tomcat6-lib-6.0.37-1.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"tomcat6-servlet-2.5-api-6.0.37-1.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"tomcat6-webapps-6.0.37-1.1.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130528_TOMCAT6_ON_SL6_X.NASL
    descriptionA flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the SLSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Tomcat must be restarted for this update to take effect.
    last seen2020-03-18
    modified2013-05-29
    plugin id66665
    published2013-05-29
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66665
    titleScientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130528)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66665);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051");
    
      script_name(english:"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130528)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was found in the way the tomcat6 init script handled the
    tomcat6-initd.log log file. A malicious web application deployed on
    Tomcat could use this flaw to perform a symbolic link attack to change
    the ownership of an arbitrary system file to that of the tomcat user,
    allowing them to escalate their privileges to root. (CVE-2013-1976)
    
    Note: With this update, tomcat6-initd.log has been moved from
    /var/log/tomcat6/ to the /var/log/ directory.
    
    It was found that the SLSA-2013:0623 update did not correctly fix
    CVE-2012-5887, a weakness in the Tomcat DIGEST authentication
    implementation. A remote attacker could use this flaw to perform
    replay attacks in some circumstances. Additionally, this problem also
    prevented users from being able to authenticate using DIGEST
    authentication. (CVE-2013-2051)
    
    Tomcat must be restarted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1305&L=scientific-linux-errata&T=0&P=2167
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bcf2c088"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"tomcat6-6.0.24-55.el6_4")) flag++;
    if (rpm_check(release:"SL6", reference:"tomcat6-admin-webapps-6.0.24-55.el6_4")) flag++;
    if (rpm_check(release:"SL6", reference:"tomcat6-docs-webapp-6.0.24-55.el6_4")) flag++;
    if (rpm_check(release:"SL6", reference:"tomcat6-el-2.1-api-6.0.24-55.el6_4")) flag++;
    if (rpm_check(release:"SL6", reference:"tomcat6-javadoc-6.0.24-55.el6_4")) flag++;
    if (rpm_check(release:"SL6", reference:"tomcat6-jsp-2.1-api-6.0.24-55.el6_4")) flag++;
    if (rpm_check(release:"SL6", reference:"tomcat6-lib-6.0.24-55.el6_4")) flag++;
    if (rpm_check(release:"SL6", reference:"tomcat6-servlet-2.5-api-6.0.24-55.el6_4")) flag++;
    if (rpm_check(release:"SL6", reference:"tomcat6-webapps-6.0.24-55.el6_4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0869.NASL
    descriptionUpdated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue. Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66660
    published2013-05-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66660
    titleRHEL 6 : tomcat6 (RHSA-2013:0869)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_TOMCAT6-130802.NASL
    descriptionThis update of tomcat6 fixes : - apache-tomcat-CVE-2012-3544.patch. (bnc#831119) - use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) - Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 ) bnc#804992 (patch from m407) - fix a typo in initscript. (bnc#768772) - copy all shell scripts (bnc#818948)
    last seen2020-06-05
    modified2013-08-23
    plugin id69458
    published2013-08-23
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69458
    titleSuSE 11.2 / 11.3 Security Update : tomcat6 (SAT Patch Numbers 8155 / 8156)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0871.NASL
    descriptionUpdated tomcat6 and tomcat7 packages that fix one security issue are now available for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 and tomcat7 init scripts handled the tomcat6-initd.log and tomcat7-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log and tomcat7-initd.log have been moved to the /var/log/ directory. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Users of Tomcat should upgrade to these updated packages, which resolve this issue. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id76236
    published2014-06-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76236
    titleRHEL 5 / 6 : JBoss Web Server (RHSA-2013:0871)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0872.NASL
    descriptionUpdated tomcat5 and tomcat6 packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 and tomcat6 init scripts handled the tomcat5-initd.log and tomcat6-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat5-initd.log and tomcat6-initd.log have been moved to the /var/log/ directory. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Users of Tomcat should upgrade to these updated packages, which resolve this issue. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66690
    published2013-05-30
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66690
    titleRHEL 5 / 6 : tomcat5 and tomcat6 (RHSA-2013:0872)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-633.NASL
    descriptionTomcat was updated to fix security issues and bug: CVE-2013-1976: Avoid a potential symlink race during startup of the tomcat server, where a local attacker that gaine access to the tomcat chroot could escalate privileges to root. CVE-2013-2067: java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat did not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. CVE-2012-3544: Tomcat were affected by a chunked transfer encoding extension size denial of service vulnerability. Also the following bug was fixed : - Fix tomcat init scripts generating malformed classpath (http://youtrack.jetbrains.com/issue/JT-18545) bnc#804992
    last seen2020-06-05
    modified2014-06-13
    plugin id75107
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75107
    titleopenSUSE Security Update : tomcat (openSUSE-SU-2013:1307-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0869.NASL
    descriptionUpdated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue. Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66674
    published2013-05-30
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66674
    titleCentOS 6 : tomcat6 (CESA-2013:0869)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-042.NASL
    descriptionUpdated tomcat6 packages fix security vulnerabilities : It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service (CVE-2012-3544). A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc (CVE-2013-1571). A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root (CVE-2013-1976). It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id72595
    published2014-02-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72595
    titleMandriva Linux Security Advisory : tomcat6 (MDVSA-2014:042)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0869.NASL
    descriptionFrom Red Hat Security Advisory 2013:0869 : Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory. It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue. Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68827
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68827
    titleOracle Linux 6 : tomcat6 (ELSA-2013-0869)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0870.NASL
    descriptionUpdated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66661
    published2013-05-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66661
    titleRHEL 5 : tomcat5 (RHSA-2013:0870)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0870.NASL
    descriptionFrom Red Hat Security Advisory 2013:0870 : Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68828
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68828
    titleOracle Linux 5 : tomcat5 (ELSA-2013-0870)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0870.NASL
    descriptionUpdated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file. Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66675
    published2013-05-30
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66675
    titleCentOS 5 : tomcat5 (CESA-2013:0870)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-632.NASL
    descriptionTomcat was updated to fix two security issues: CVE-2013-1976: Avoid a potential symlink race during startup of the tomcat server, where a local attacker that gaine access to the tomcat chroot could escalate privileges to root. CVE-2013-2071: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x did not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
    last seen2020-06-05
    modified2014-06-13
    plugin id75106
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75106
    titleopenSUSE Security Update : tomcat (openSUSE-SU-2013:1306-1)

Redhat

advisories
  • bugzilla
    id927622
    titleCVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenttomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870001
          • commenttomcat5-servlet-2.4-api is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327022
        • AND
          • commenttomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870003
          • commenttomcat5-jsp-2.0-api is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327004
        • AND
          • commenttomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870005
          • commenttomcat5-admin-webapps is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327008
        • AND
          • commenttomcat5-common-lib is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870007
          • commenttomcat5-common-lib is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327002
        • AND
          • commenttomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870009
          • commenttomcat5-jasper-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327018
        • AND
          • commenttomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870011
          • commenttomcat5-servlet-2.4-api-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327016
        • AND
          • commenttomcat5-jasper is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870013
          • commenttomcat5-jasper is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327010
        • AND
          • commenttomcat5-webapps is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870015
          • commenttomcat5-webapps is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327006
        • AND
          • commenttomcat5-server-lib is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870017
          • commenttomcat5-server-lib is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327020
        • AND
          • commenttomcat5 is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870019
          • commenttomcat5 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327014
        • AND
          • commenttomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.40.el5_9
            ovaloval:com.redhat.rhsa:tst:20130870021
          • commenttomcat5-jsp-2.0-api-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070327012
    rhsa
    idRHSA-2013:0870
    released2013-05-28
    severityImportant
    titleRHSA-2013:0870: tomcat5 security update (Important)
  • rhsa
    idRHSA-2013:0869
  • rhsa
    idRHSA-2013:0871
  • rhsa
    idRHSA-2013:0872
rpms
  • tomcat6-0:6.0.24-55.el6_4
  • tomcat6-admin-webapps-0:6.0.24-55.el6_4
  • tomcat6-docs-webapp-0:6.0.24-55.el6_4
  • tomcat6-el-2.1-api-0:6.0.24-55.el6_4
  • tomcat6-javadoc-0:6.0.24-55.el6_4
  • tomcat6-jsp-2.1-api-0:6.0.24-55.el6_4
  • tomcat6-lib-0:6.0.24-55.el6_4
  • tomcat6-servlet-2.5-api-0:6.0.24-55.el6_4
  • tomcat6-webapps-0:6.0.24-55.el6_4
  • tomcat5-0:5.5.23-0jpp.40.el5_9
  • tomcat5-admin-webapps-0:5.5.23-0jpp.40.el5_9
  • tomcat5-common-lib-0:5.5.23-0jpp.40.el5_9
  • tomcat5-debuginfo-0:5.5.23-0jpp.40.el5_9
  • tomcat5-jasper-0:5.5.23-0jpp.40.el5_9
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.40.el5_9
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.40.el5_9
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.40.el5_9
  • tomcat5-server-lib-0:5.5.23-0jpp.40.el5_9
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.40.el5_9
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.40.el5_9
  • tomcat5-webapps-0:5.5.23-0jpp.40.el5_9
  • tomcat6-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-admin-webapps-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-admin-webapps-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-docs-webapp-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-docs-webapp-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-el-1.0-api-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-el-1.0-api-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-javadoc-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-javadoc-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-jsp-2.1-api-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-jsp-2.1-api-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-lib-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-lib-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-log4j-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-log4j-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-servlet-2.5-api-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-servlet-2.5-api-0:6.0.35-33_patch_07.ep6.el6
  • tomcat6-webapps-0:6.0.35-12_patch_07.ep6.el5
  • tomcat6-webapps-0:6.0.35-33_patch_07.ep6.el6
  • tomcat7-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-admin-webapps-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-admin-webapps-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-docs-webapp-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-docs-webapp-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-el-1.0-api-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-el-1.0-api-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-javadoc-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-javadoc-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-jsp-2.2-api-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-jsp-2.2-api-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-lib-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-lib-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-log4j-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-log4j-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-servlet-3.0-api-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-servlet-3.0-api-0:7.0.30-7_patch_03.ep6.el6
  • tomcat7-webapps-0:7.0.30-5_patch_03.ep6.el5
  • tomcat7-webapps-0:7.0.30-7_patch_03.ep6.el6
  • tomcat5-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-admin-webapps-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-admin-webapps-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-common-lib-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-common-lib-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-jasper-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-jasper-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-jasper-eclipse-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-jasper-eclipse-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-jasper-javadoc-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-jasper-javadoc-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-jsp-2.0-api-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-jsp-2.0-api-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-parent-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-parent-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-server-lib-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-server-lib-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-servlet-2.4-api-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-servlet-2.4-api-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-36_patch_09.ep5.el6
  • tomcat5-webapps-0:5.5.33-33_patch_09.ep5.el5
  • tomcat5-webapps-0:5.5.33-36_patch_09.ep5.el6
  • tomcat6-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-admin-webapps-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-admin-webapps-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-docs-webapp-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-docs-webapp-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-el-1.0-api-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-el-1.0-api-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-javadoc-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-javadoc-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-jsp-2.1-api-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-jsp-2.1-api-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-lib-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-lib-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-log4j-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-log4j-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-servlet-2.5-api-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-servlet-2.5-api-0:6.0.32-35_patch_09.ep5.el6
  • tomcat6-webapps-0:6.0.32-32_patch_09.ep5.el5
  • tomcat6-webapps-0:6.0.32-35_patch_09.ep5.el6

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 60186 CVE(CAN) ID: CVE-2013-1976 Apache Tomcat是一个流行的开源JSP应用服务器程序。 Apache Tomcat服务中init脚本在管理Tomcat日志文件时存在漏洞,本地攻击者可利用此漏洞造成拒绝服务,或者通过对Tomcat日志文件的符号链接攻击,以特权系统用户权限执行任意代码。 0 Apache Group Tomcat 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://jakarta.apache.org/tomcat/index.html
idSSV:60813
last seen2017-11-19
modified2013-05-30
published2013-05-30
reporterRoot
titleApache Tomcat 不安全临时文件处理漏洞(CVE-2013-1976)