CVE-2014-0050 - Permissions, Privileges, and Access Controls vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
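The summary describes the trigger but not the arithmetic behind it: the parser's read loop cannot make progress when the boundary it searches for is longer than the buffer that holds the data. The check below is an added example, not code from this page, from Apache Commons FileUpload or from Tomcat. It assumes three things taken from the FileUpload 1.3.x source and not stated on this page: the default MultipartStream buffer is 4096 bytes, the boundary is searched for with a four-byte "\r\n--" prefix, and the 1.3.1 fix rejects a stream whose buffer is smaller than that prefixed boundary plus one byte. It parses the boundary parameter out of a Content-Type header and classifies it, with the sample headers constructed for the example.

```python
"""Classify multipart Content-Type headers against the CVE-2014-0050 trigger.

Added example; not part of the CVE page, Apache Commons FileUpload or Tomcat.
Assumptions (from the FileUpload 1.3.x source, not from this page):
  * MultipartStream.DEFAULT_BUFSIZE is 4096 bytes;
  * the boundary is matched with a "\r\n--" prefix, so its effective
    length is len(boundary) + 4;
  * FileUpload 1.3.1 throws in the constructor when
    bufSize < boundaryLength + 1, which is the condition that previously
    left the read loop with no room to make progress.
"""
import re

DEFAULT_BUFSIZE = 4096      # assumed: MultipartStream.DEFAULT_BUFSIZE
BOUNDARY_PREFIX_LEN = 4     # assumed: len(b"\r\n--")
RFC2046_MAX_BOUNDARY = 70   # RFC 2046 section 5.1.1 upper bound

# boundary=value or boundary="quoted value", anywhere in the parameter list
_BOUNDARY_RE = re.compile(r';\s*boundary\s*=\s*(?:"([^"]*)"|([^;\s]+))',
                          re.IGNORECASE)


def parse_boundary(content_type):
    """Return the boundary parameter of a multipart Content-Type, or None."""
    if content_type is None:
        return None
    media_type, _, params = content_type.partition(";")
    if not media_type.strip().lower().startswith("multipart/"):
        return None
    m = _BOUNDARY_RE.search(";" + params)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def effective_boundary_length(boundary):
    """Length the parser actually searches for: prefix plus the boundary."""
    return len(boundary) + BOUNDARY_PREFIX_LEN


def would_loop_forever(boundary, buf_size=DEFAULT_BUFSIZE):
    """True when a FileUpload older than 1.3.1 would spin on this boundary.

    Mirrors the guard 1.3.1 added: the buffer must hold the prefixed
    boundary plus at least one byte, otherwise no read can ever complete.
    """
    return buf_size < effective_boundary_length(boundary) + 1


def check_content_type(content_type, buf_size=DEFAULT_BUFSIZE):
    """Return 'not-multipart', 'ok', 'rfc2046-too-long' or 'dos'."""
    boundary = parse_boundary(content_type)
    if boundary is None:
        return "not-multipart"
    if would_loop_forever(boundary, buf_size):
        return "dos"
    if len(boundary) > RFC2046_MAX_BOUNDARY:
        return "rfc2046-too-long"
    return "ok"


# Constructed sample headers for the example (not captured traffic).
SAMPLES = {
    "normal": "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
    "quoted": 'multipart/form-data; boundary="simple boundary"',
    "json":   "application/json; charset=utf-8",
    "long":   "multipart/form-data; boundary=" + "x" * 200,
    "dos":    "multipart/form-data; boundary=" + "A" * 4092,
}


def classify_samples():
    """Run every constructed sample through the classifier."""
    return {name: check_content_type(ct) for name, ct in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:7s} -> {verdict}")
```

The RFC 2046 limit of 70 characters is the practical filter: a reverse proxy or WAF that rejects any multipart boundary longer than 70 bytes removes the trigger without having to know the parser's buffer size, and any request carrying a 4-kilobyte boundary is worth alerting on. That is a mitigation only; the fix is Commons FileUpload 1.3.1 or the corresponding Tomcat release.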
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Accessing, Modifying or Executing Executable Files: An attack of this type exploits a system configuration that allows an attacker either to access an executable file directly, for example through shell access, or, in the worst case, to upload a file and then execute it. Web servers, FTP servers, and message-oriented middleware systems with many integration points are particularly vulnerable, because both the programmers and the administrators must be in sync regarding the interfaces and the correct privileges for each interface.
- Leverage Executable Code in Non-Executable Files: An attack of this type exploits a system's trust in configuration and resource files. When the executable loads a resource (such as an image file or configuration file) that the attacker has modified, the file either executes malicious code directly or manipulates the target process (e.g. an application server) into acting on malicious configuration parameters. Since systems increasingly mash up resources from local and remote sources, the likelihood of this attack is high. The attack can be directed at a client system, such as causing a buffer overrun by loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF (http://www.gnucitizen.org/blog/danger-danger-danger/): http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes it is reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits a resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server: adding the role name "public" to the administration functionality grants every user with the public role the ability to use it. The server trusts its configuration file to be correct, but when the file is manipulated, the attacker gains full control.
- Blue Boxing: This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal, which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded their telco infrastructure and so are vulnerable to blue boxing. Blue boxing is the result of a failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different from current applications such as web applications, there are historical lessons here for hardening access control on administrative functions.
- Restful Privilege Elevation: REST uses the standard HTTP methods (GET, PUT, DELETE) as its permission model, but these are not necessarily correlated with what back-end programs actually do. A strict interpretation of HTTP GET means that GET services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation follows these guidelines, an HTTP request can easily execute a delete or update on the server side. The attacker identifies an HTTP GET URL such as http://victimsite/updateOrder, which calls out to a program that updates orders in a database or other resource. The URL is not idempotent, so the request can be submitted multiple times by the attacker; additionally, the attacker may be able to exploit a URL published as a GET method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
- Target Programs with Elevated Privileges: This attack targets programs running with elevated privileges. The attacker tries to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance, an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield a lot of power when they break. The malicious user tries to execute their code at the same privilege level as a privileged system call.
Exploit-Db
description | Apache Commons FileUpload and Apache Tomcat - Denial-of-Service. CVE-2014-0050. DoS exploit for multiple platforms |
id | EDB-ID:31615 |
last seen | 2016-02-03 |
modified | 2014-02-12 |
published | 2014-02-12 |
reporter | Trustwave's SpiderLabs |
source | https://www.exploit-db.com/download/31615/ |
title | Apache Commons FileUpload and Apache Tomcat - Denial-of-Service |
Metasploit
description | This module triggers an infinite loop in Apache Commons FileUpload 1.0 through 1.3 via a specially crafted Content-Type header. Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle mime-multipart requests, therefore, Apache Tomcat 7.0.0 through 7.0.50 and 8.0.0-RC1 through 8.0.1 are affected by this issue. Tomcat 6 also uses Commons FileUpload as part of the Manager application. |
id | MSF:AUXILIARY/DOS/HTTP/APACHE_COMMONS_FILEUPLOAD_DOS |
last seen | 2020-05-24 |
modified | 2017-07-24 |
published | 2014-02-22 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb |
title | Apache Commons FileUpload and Apache Tomcat DoS |
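The Metasploit module description above gives the affected ranges as Commons FileUpload 1.0 through 1.3, Tomcat 7.0.0 through 7.0.50 and Tomcat 8.0.0-RC1 through 8.0.1, and notes that Tomcat 6 bundles Commons FileUpload in its Manager application without giving a Tomcat 6 range. The version check below is an added example, not part of this page, of the Metasploit module or of any Apache project; it encodes exactly those ranges, treats a release candidate as sorting before the final release of the same number (a convention of this example), and routes Tomcat 6.x to a "check the bundled FileUpload jar" verdict rather than inventing a range the page does not state. The inventory rows are constructed for the example.

```python
"""Affected-version check for CVE-2014-0050.

Added example; not part of the CVE page, the Metasploit module or any
Apache project. Ranges are the ones in the Metasploit module description:
Commons FileUpload 1.0 through 1.3 (fixed in 1.3.1), Tomcat 7.0.0 through
7.0.50, Tomcat 8.0.0-RC1 through 8.0.1. Tomcat 6 is only described as
bundling FileUpload in the Manager application, so 6.x is flagged for a
check of the bundled library instead. The "-RCn" ordering is this
example's own convention.
"""
import re

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-RC(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Turn '8.0.0-RC1' into a sortable key.

    Numeric parts are padded to three places so '1.3' equals '1.3.0'.
    A release candidate sorts before the final release of the same number:
    key = (numbers, 0, rc) for candidates, (numbers, 1, 0) for releases.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))
    rc = m.group(2)
    return (nums, 0, int(rc)) if rc else (nums, 1, 0)


def in_range(version, low, high):
    """Inclusive range test on parsed versions."""
    return parse_version(low) <= parse_version(version) <= parse_version(high)


def fileupload_affected(version):
    """Commons FileUpload 1.0 up to, but not including, the 1.3.1 fix."""
    v = parse_version(version)
    return parse_version("1.0") <= v < parse_version("1.3.1")


def tomcat_affected(version):
    """Tomcat 7.0.0-7.0.50 and 8.0.0-RC1-8.0.1 ship the vulnerable copy."""
    return (in_range(version, "7.0.0", "7.0.50")
            or in_range(version, "8.0.0-RC1", "8.0.1"))


def assess(product, version):
    """Map (product, version) to 'affected', 'not-affected' or
    'check-bundled-fileupload' (Tomcat 6.x: no range is given, only that
    the Manager application bundles the library)."""
    if product == "commons-fileupload":
        return "affected" if fileupload_affected(version) else "not-affected"
    if product == "tomcat":
        if parse_version(version)[0][0] == 6:
            return "check-bundled-fileupload"
        return "affected" if tomcat_affected(version) else "not-affected"
    raise ValueError(f"unknown product: {product!r}")


# Constructed inventory rows for the example (not real hosts).
INVENTORY = [
    ("web-01", "tomcat", "7.0.50"),
    ("web-02", "tomcat", "7.0.51"),
    ("web-03", "tomcat", "8.0.0-RC5"),
    ("web-04", "tomcat", "8.0.2"),
    ("mgr-01", "tomcat", "6.0.39"),
    ("app-01", "commons-fileupload", "1.2.2"),
    ("app-02", "commons-fileupload", "1.3.1"),
]


def assess_inventory(rows=INVENTORY):
    """Verdict per host for every inventory row."""
    return {host: assess(product, version) for host, product, version in rows}


if __name__ == "__main__":
    for host, verdict in assess_inventory().items():
        print(f"{host}: {verdict}")
```

Tomcat's copy of the parser lives in Tomcat's own package, so scanning a host for a commons-fileupload jar will not find it; the Tomcat version is the thing to check on Tomcat 7 and 8, and on Tomcat 6 the Manager application's bundled library is what to inspect.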
Nessus
NASL family | CGI abuses |
NASL id | MYSQL_ENTERPRISE_MONITOR_2_3_17.NASL |
description | According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 83293 |
published | 2015-05-08 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/83293 |
title | MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities |
code |
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(83293);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id(
    "CVE-2014-0050",
    "CVE-2014-0094",
    "CVE-2014-0112",
    "CVE-2014-0113",
    "CVE-2014-0116"
  );
  script_bugtraq_id(
    65400,
    65999,
    67064,
    67081,
    67218
  );
  script_xref(name:"CERT", value:"719225");
  script_xref(name:"EDB-ID", value:"33142");
  script_xref(name:"EDB-ID", value:"31615");

  script_name(english:"MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of MySQL Enterprise Monitor.");

  script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the MySQL Enterprise Monitor
running on the remote host is affected by multiple vulnerabilities :

  - A flaw exists within 'MultipartStream.java' in Apache
    Commons FileUpload when parsing malformed Content-Type
    headers. A remote attacker, using a crafted header, can
    exploit this to cause an infinite loop, resulting in a
    denial of service. (CVE-2014-0050)

  - Security bypass flaws exist in the ParametersInterceptor
    and CookieInterceptor classes, within the included Apache
    Struts 2 component, which are due to a failure to properly
    restrict access to their getClass() methods. A remote
    attacker, using a crafted request, can exploit these flaws
    to manipulate the ClassLoader, thus allowing the execution
    of arbitrary code or modification of the session state.
    Note that vulnerabilities CVE-2014-0112 and CVE-2014-0116
    occurred because the patches for CVE-2014-0094 and
    CVE-2014-0113, respectively, were not complete fixes.
    (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113,
    CVE-2014-0116)");
  # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56618dc1");
  script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/S2-021");
  script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/S2-022");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL Enterprise Monitor 2.3.17 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:enterprise_monitor");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:struts");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_enterprise_monitor_web_detect.nasl");
  script_require_keys("installed_sw/MySQL Enterprise Monitor");
  script_require_ports("Services/www", 18080);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "MySQL Enterprise Monitor";
get_install_count(app_name:app, exit_if_zero:TRUE);

fix = "2.3.17";
port = get_http_port(default:18080);

install = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);
version = install['version'];
install_url = build_url(port:port, qs:"/");

if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
  if (report_verbosity > 0)
  {
    report =
      '\n URL : ' + install_url +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fix +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201412-29.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201412-29 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79982 |
published | 2014-12-15 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/79982 |
title | GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities |
code |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201412-29.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(79982);
  script_version("1.10");
  script_cvs_date("Date: 2019/10/16 10:34:21");

  script_cve_id(
    "CVE-2012-2733", "CVE-2012-3544", "CVE-2012-3546", "CVE-2012-4431",
    "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887",
    "CVE-2013-2067", "CVE-2013-2071", "CVE-2013-4286", "CVE-2013-4322",
    "CVE-2013-4590", "CVE-2014-0033", "CVE-2014-0050", "CVE-2014-0075",
    "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"
  );
  script_bugtraq_id(
    56402, 56403, 56812, 56813, 56814, 59797, 59798, 59799, 65400,
    65767, 65768, 65769, 65773, 67667, 67668, 67669, 67671
  );
  script_xref(name:"GLSA", value:"201412-29");

  script_name(english:"GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201412-29
(Apache Tomcat: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Tomcat. Please review
    the CVE identifiers referenced below for details.

Impact :

    A remote attacker may be able to cause a Denial of Service condition
    as well as obtain sensitive information, bypass protection mechanisms
    and authentication restrictions.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201412-29"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Tomcat 6.0.x users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.41'

    All Tomcat 7.0.x users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.56'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:tomcat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-servers/tomcat",
               unaffected:make_list("ge 7.0.56", "rge 6.0.41", "rge 6.0.42", "rge 6.0.43", "rge 6.0.44", "rge 6.0.45", "rge 6.0.46", "rge 6.0.47", "rge 6.0.48"),
               vulnerable:make_list("lt 7.0.56"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache Tomcat");
}
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2014-2175.NASL |
description | This update fixes a denial of service vulnerability which could be triggered by specially crafted input if the buffer used by the MultipartStream was not big enough. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2014-02-18 |
plugin id | 72544 |
published | 2014-02-18 |
reporter | This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72544 |
title | Fedora 20 : apache-commons-fileupload-1.3-5.fc20 (2014-2175) |
code |
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-2175.
#

include("compat.inc");

if (description)
{
  script_id(72544);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-0050");
  script_bugtraq_id(65400);
  script_xref(name:"FEDORA", value:"2014-2175");

  script_name(english:"Fedora 20 : apache-commons-fileupload-1.3-5.fc20 (2014-2175)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes a denial of service vulnerability which could be
triggered by specially crafted input if the buffer used by the
MultipartStream was not big enough.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128499.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a6ea25eb"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected apache-commons-fileupload package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:apache-commons-fileupload");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"apache-commons-fileupload-1.3-5.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-commons-fileupload");
}
NASL family | CGI abuses |
NASL id | MYSQL_ENTERPRISE_MONITOR_3_0_11.NASL |
description | According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 83295 |
published | 2015-05-08 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/83295 |
title | MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities |
code |
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(83295);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id(
    "CVE-2014-0050",
    "CVE-2014-0094",
    "CVE-2014-0112",
    "CVE-2014-0113",
    "CVE-2014-0116"
  );
  script_bugtraq_id(
    65400,
    65999,
    67064,
    67081,
    67218
  );
  script_xref(name:"CERT", value:"719225");
  script_xref(name:"EDB-ID", value:"33142");
  script_xref(name:"EDB-ID", value:"31615");

  script_name(english:"MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of MySQL Enterprise Monitor.");

  script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the MySQL Enterprise Monitor
running on the remote host is affected by multiple vulnerabilities :

  - A flaw exists within 'MultipartStream.java' in Apache
    Commons FileUpload when parsing malformed Content-Type
    headers. A remote attacker, using a crafted header, can
    exploit this to cause an infinite loop, resulting in a
    denial of service. (CVE-2014-0050)

  - Security bypass flaws exist in the ParametersInterceptor
    and CookieInterceptor classes, within the included Apache
    Struts 2 component, which are due to a failure to properly
    restrict access to their getClass() methods. A remote
    attacker, using a crafted request, can exploit these flaws
    to manipulate the ClassLoader, thus allowing the execution
    of arbitrary code or modification of the session state.
    Note that vulnerabilities CVE-2014-0112 and CVE-2014-0116
    occurred because the patches for CVE-2014-0094 and
    CVE-2014-0113, respectively, were not complete fixes.
    (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113,
    CVE-2014-0116)");
  # https://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56618dc1");
  script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/S2-021");
  script_set_attribute(attribute:"see_also", value:"https://cwiki.apache.org/confluence/display/WW/S2-022");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL Enterprise Monitor 3.0.11 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:enterprise_monitor");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:struts");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_enterprise_monitor_web_detect.nasl");
  script_require_keys("installed_sw/MySQL Enterprise Monitor");
  script_require_ports("Services/www", 18443);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "MySQL Enterprise Monitor";
get_install_count(app_name:app, exit_if_zero:TRUE);

fix = "3.0.11";
port = get_http_port(default:18443);

install = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);
version = install['version'];
install_url = build_url(port:port, qs:"/");

if (version =~ "^3\.0($|[^0-9])" && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
  if (report_verbosity > 0)
  {
    report =
      '\n URL : ' + install_url +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fix +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
NASL family | Misc. |
NASL id | VCENTER_OPERATIONS_MANAGER_VMSA_2014-0007.NASL |
description | The version of vCenter Operations Manager installed on the remote host is prior to 5.8.2. It is, therefore, affected by the following vulnerabilities : - An error exists in the included Apache Tomcat version related to handling |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 76388 |
published | 2014-07-07 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/76388 |
title | VMware vCenter Operations Management Suite Multiple Vulnerabilities (VMSA-2014-0007) |
code |
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76388);
  script_version("1.8");
  script_cvs_date("Date: 2018/08/06 14:03:14");

  script_cve_id("CVE-2014-0050", "CVE-2014-0094", "CVE-2014-0112");
  script_bugtraq_id(65400, 65999, 67064);
  script_xref(name:"VMSA", value:"2014-0007");
  script_xref(name:"IAVB", value:"2014-B-0090");

  script_name(english:"VMware vCenter Operations Management Suite Multiple Vulnerabilities (VMSA-2014-0007)");
  script_summary(english:"Checks version of vCenter Operations Manager.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a virtualization appliance installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of vCenter Operations Manager installed on the remote host
is prior to 5.8.2. It is, therefore, affected by the following
vulnerabilities :

  - An error exists in the included Apache Tomcat version
    related to handling 'Content-Type' HTTP headers and
    multipart requests such as file uploads that could allow
    denial of service attacks. (CVE-2014-0050)

  - A security bypass error exists due to the included Apache
    Struts2 component, allowing manipulation of the
    ClassLoader via the 'class' parameter, which is directly
    mapped to the getClass() method. A remote, unauthenticated
    attacker can take advantage of this issue to manipulate
    the ClassLoader used by the application server, allowing
    for the bypass of certain security restrictions. Note that
    CVE-2014-0112 exists because CVE-2014-0094 was not a
    complete fix. (CVE-2014-0094, CVE-2014-0112)");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2014/000257.html");
  # https://www.vmware.com/support/vcops/doc/vcops-582-vapp-release-notes.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4d46f364");
  # https://www.vmware.com/support/vcops/doc/vcops-582-installable-release-notes.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1fe3ac72");
  # http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2081470
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?be20e92d");
  script_set_attribute(attribute:"solution", value:
"Upgrade to vCenter Operations Manager 5.7.3 / 5.8.2 or later.

Alternatively, the vendor has provided a workaround for the security
bypass error.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vcenter_operations");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/VMware vCenter Operations Manager/Version");
  script_require_ports("Services/ssh", 22);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("Host/VMware vCenter Operations Manager/Version");

fix = NULL;

# 0.x - 4.x / 5.0.x - 5.6.x
#  - update with alt. version(s) when patch is available
if (version =~ "^([0-4]|5\.[0-6])($|[^0-9])") fix = "5.8.2";
# 5.7.x < 5.7.3
else if (version =~ "^5\.7\." && ver_compare(ver:version, fix:'5.7.3', strict:FALSE) < 0) fix = "5.7.3";
# 5.8.x < 5.8.2
else if (version =~ "^5\.8\." && ver_compare(ver:version, fix:'5.8.2', strict:FALSE) < 0) fix = "5.8.2";

if (!isnull(fix))
{
  if (report_verbosity > 0)
  {
    report =
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fix +
      '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'VMware vCenter Operations Manager', version);
NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL15189.NASL
description: MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78165
published: 2014-10-10
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78165
title: F5 Networks BIG-IP : Apache Commons FileUpload vulnerability (K15189)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K15189.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(78165);
  script_version("1.15");
  script_cvs_date("Date: 2019/01/04 10:03:40");

  script_cve_id("CVE-2014-0050");
  script_bugtraq_id(65400);

  script_name(english:"F5 Networks BIG-IP : Apache Commons FileUpload vulnerability (K15189)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used
in Apache Tomcat, JBoss Web, and other products, allows remote attackers
to cause a denial of service (infinite loop and CPU consumption) via a
crafted Content-Type header that bypasses a loop's intended exit
conditions. (CVE-2014-0050)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K15189"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution
K15189."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}

include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K15189";
vmatrix = make_array();

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected"  ] = make_list("11.3.0-11.5.4");
vmatrix["AFM"]["unaffected"] = make_list("12.1.0","12.0.0","11.6.1","11.6.0","11.5.4HF2","11.4.1HF10");

# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected"  ] = make_list("11.4.0-11.5.4");
vmatrix["AM"]["unaffected"] = make_list("12.1.0","12.0.0","11.6.1","11.6.0","11.5.4HF2","11.4.1HF10");

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("11.0.0-11.5.4","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("12.1.0","12.0.0","11.6.1","11.6.0","11.5.4HF2","11.4.1HF10","11.2.1HF16");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("11.0.0-11.5.4","10.0.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("12.1.0","12.0.0","11.6.1","11.6.0","11.5.4HF2","11.4.1HF10","11.2.1HF16");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected"  ] = make_list("11.0.0-11.5.4");
vmatrix["AVR"]["unaffected"] = make_list("12.1.0","12.0.0","11.6.1","11.6.0","11.5.4HF2","11.4.1HF10","11.2.1HF16");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected"  ] = make_list("11.0.0-11.5.4","10.0.0-10.2.4");
vmatrix["GTM"]["unaffected"] = make_list("11.6.1","11.6.0","11.5.4HF2","11.4.1HF10","11.2.1HF16");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("11.0.0-11.5.4","10.0.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("12.1.0","12.0.0","11.6.1","11.6.0","11.5.4HF2","11.4.1HF10","11.2.1HF16");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("11.0.0-11.5.4","10.0.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("12.1.0","12.0.0","11.6.1","11.6.0","11.5.4HF2","11.4.1HF10","11.2.1HF16");

# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected"  ] = make_list("11.3.0-11.5.4");
vmatrix["PEM"]["unaffected"] = make_list("12.1.0","12.0.0","11.6.1","11.6.0","11.5.4HF2","11.4.1HF10");

# PSM
vmatrix["PSM"] = make_array();
vmatrix["PSM"]["affected"  ] = make_list("11.0.0-11.4.1","10.0.0-10.2.4");
vmatrix["PSM"]["unaffected"] = make_list("11.4.1HF10","11.2.1HF16");

# WAM
vmatrix["WAM"] = make_array();
vmatrix["WAM"]["affected"  ] = make_list("11.0.0-11.3.0","10.0.0-10.2.4");
vmatrix["WAM"]["unaffected"] = make_list("11.2.1HF16");

# WOM
vmatrix["WOM"] = make_array();
vmatrix["WOM"]["affected"  ] = make_list("11.0.0-11.3.0","10.0.0-10.2.4");
vmatrix["WOM"]["unaffected"] = make_list("11.2.1HF16");

if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2014-056.NASL
description: Updated apache-commons-fileupload packages fix security vulnerability:
It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050).
Tomcat 7 includes an embedded copy of the Apache Commons FileUpload package, and was affected as well.
Additionally, a build problem with maven was discovered; fixed maven packages are also being provided with this advisory.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73003
published: 2014-03-14
reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/73003
title: Mandriva Linux Security Advisory : apache-commons-fileupload (MDVSA-2014:056)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2014:056.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(73003);
  script_version("1.6");
  script_cvs_date("Date: 2019/08/02 13:32:55");

  script_cve_id("CVE-2014-0050");
  script_bugtraq_id(65400);
  script_xref(name:"MDVSA", value:"2014:056");

  script_name(english:"Mandriva Linux Security Advisory : apache-commons-fileupload (MDVSA-2014:056)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated apache-commons-fileupload packages fix security vulnerability :

It was discovered that the Apache Commons FileUpload package for Java
could enter an infinite loop while processing a multipart request with
a crafted Content-Type, resulting in a denial-of-service condition
(CVE-2014-0050).

Tomcat 7 includes an embedded copy of the Apache Commons FileUpload
package, and was affected as well.

Additionally a build problem with maven was discovered, fixed maven
packages is also being provided with this advisory."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0109.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0110.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-commons-fileupload");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-commons-fileupload-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:maven");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:maven-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-jsvc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK-MBS1", reference:"apache-commons-fileupload-1.2.2-7.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"apache-commons-fileupload-javadoc-1.2.2-7.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"maven-3.0.4-29.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"maven-javadoc-3.0.4-29.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-admin-webapps-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-docs-webapp-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-el-2.2-api-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-javadoc-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-jsp-2.2-api-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-jsvc-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-lib-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-servlet-3.0-api-7.0.41-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"tomcat-webapps-7.0.41-1.mbs1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Windows
NASL id: ORACLE_WEBCENTER_SITES_APR_2015_CPU.NASL
description: The Oracle WebCenter Sites installed on the remote host is missing patches from the April 2015 CPU. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists within
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83469
published: 2015-05-14
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83469
title: Oracle WebCenter Sites Multiple Vulnerabilities (April 2015 CPU)
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(83469);
  script_version("1.5");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2014-0050", "CVE-2014-0112");
  script_bugtraq_id(65400, 67064);

  script_name(english:"Oracle WebCenter Sites Multiple Vulnerabilities (April 2015 CPU)");
  script_summary(english:"Checks for Oracle 2015 CPU patches.");

  script_set_attribute(attribute:"synopsis", value:
"The website content management system installed on the remote host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Oracle WebCenter Sites installed on the remote host is missing
patches from the April 2015 CPU. It is, therefore, affected by multiple
vulnerabilities :

  - A flaw exists within 'MultipartStream.java' in Apache
    Commons FileUpload when parsing malformed Content-Type
    headers. A remote attacker, using a crafted header, can
    exploit this to cause an infinite loop, resulting in a
    denial of service. (CVE-2014-0050)

  - ParametersInterceptor in Apache Struts does not properly
    restrict access to the getClass method. A remote
    attacker, using a crafted request, can exploit this to
    manipulate the ClassLoader, thus allowing the execution
    of arbitrary code. (CVE-2014-0112)");
  # http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56618dc1");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the April 2015 Oracle Critical
Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies('oracle_webcenter_sites_installed.nbin');
  script_require_keys('SMB/WebCenter_Sites/Installed');

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("smb_func.inc");
include("misc_func.inc");

port = kb_smb_transport();

get_kb_item_or_exit('SMB/WebCenter_Sites/Installed');
versions = get_kb_list('SMB/WebCenter_Sites/*/Version');
if (isnull(versions)) exit(1, 'Unable to obtain version list for Oracle WebCenter Sites');

report = '';

foreach key (keys(versions))
{
  fix = '';
  version = versions[key];
  revision = get_kb_item(key - '/Version' + '/Revision');
  path = get_kb_item(key - '/Version' + '/Path');

  if (isnull(version) || isnull(revision)) continue;

  # Patch 19278850 - 11.1.1.8.0 < Revision 165274
  if (version =~ "^11\.1\.1\.8\.0$" && revision < 165274)
    fix = '\n  Fixed Revision : 165274' +
          '\n  Required Patch : 19278850';

  # Patch 18846487 - 11.1.1.6.1 < Revision 164040
  if (version =~ "^11\.1\.1\.6\.1$" && revision < 164040)
    fix = '\n  Fixed Revision : 164040' +
          '\n  Required Patch : 18846487';

  # Patch 20617648 - 7.6.2 < Revision 162566
  if (version =~ "^7\.6\.2(\.|$)" && revision < 162566)
    fix = '\n  Fixed Revision : 162566' +
          '\n  Required Patch : 20617648';

  if (fix != '')
  {
    if (!isnull(path)) report += '\n  Path           : ' + path;
    report +=
      '\n  Version        : ' + version +
      '\n  Revision       : ' + revision +
      fix + '\n';
  }
}

if (report != '')
{
  if (report_verbosity > 0) security_hole(port:port, extra:report);
  else security_hole(port);
}
else audit(AUDIT_INST_VER_NOT_VULN, "Oracle WebCenter Sites");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-297.NASL description This jakarta-commons-fileupload update fixes the follwoing security and non security issues : - bnc#862781: Fixed buffer overflow and resulting DoS (CVE-2014-0050). - Removed gcj part and deprecated macros. - Moved from jpackage-utils to javapackage-tools. last seen 2020-06-05 modified 2014-06-13 plugin id 75324 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75324 title openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2014:0528-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2130-1.NASL description It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. (CVE-2013-4286) It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. (CVE-2013-4322) It was discovered that Tomcat incorrectly applied the disableURLRewriting setting when handling a session id in a URL. A remote attacker could possibly use this flaw to conduct session fixation attacks. This issue only applied to Ubuntu 12.04 LTS. (CVE-2014-0033) It was discovered that Tomcat incorrectly handled malformed Content-Type headers and multipart requests. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0050). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-03-18 modified 2014-03-07 plugin id 72874 published 2014-03-07 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72874 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0525.NASL description Updated tomcat6 packages that fix multiple security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286) It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. 
Note that chunked transfer encoding is enabled by default. (CVE-2013-4322) It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user last seen 2020-06-01 modified 2020-06-02 plugin id 76240 published 2014-06-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76240 title RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0525) NASL family Misc. NASL id VMWARE_ORCHESTRATOR_APPLIANCE_VMSA_2014_0007.NASL description The version of VMware vCenter Orchestrator Appliance installed on the remote host is 5.5.x prior to 5.5.2. It is, therefore, affected by a denial of service vulnerability due to an error that exists in the included Apache Tomcat version related to handling last seen 2020-06-01 modified 2020-06-02 plugin id 78670 published 2014-10-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78670 title VMware vCenter Orchestrator Appliance 5.5.x < 5.5.2 DoS (VMSA-2014-0007) NASL family Web Servers NASL id WEBSPHERE_8_0_0_9.NASL description IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. 
This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 76995 published 2014-08-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76995 title IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0865.NASL description Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs : * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect. 
last seen 2020-06-01 modified 2020-06-02 plugin id 76446 published 2014-07-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76446 title RHEL 6 : tomcat6 (RHSA-2014:0865) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-084.NASL description Updated tomcat package fixes security vulnerabilities : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050). Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322). Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075). 
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099). Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119). In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227). last seen 2020-06-01 modified 2020-06-02 plugin id 82337 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. 
source: https://www.tenable.com/plugins/nessus/82337
title: Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2014-344.NASL
description: It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78287
published: 2014-10-12
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78287
title: Amazon Linux AMI : tomcat6 (ALAS-2014-344)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2014-0865.NASL
description: Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)

The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.

This update also fixes the following bugs :
* The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528)
* The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602)

All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76430
published: 2014-07-10
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76430
title: CentOS 6 : tomcat6 (CESA-2014:0865)

NASL family: Databases
NASL id: ORACLE_RDBMS_CPU_OCT_2014.NASL
description: The remote Oracle database server is missing the October 2014 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components :
- Application Express
- Core RDBMS
- Java VM
- JDBC
- JPublisher
- SQLJ
last seen: 2020-06-02
modified: 2014-10-17
plugin id: 78540
published: 2014-10-17
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78540
title: Oracle Database Multiple Vulnerabilities (October 2014 CPU)

NASL family: Misc.
NASL id: VMWARE_VCENTER_VMSA-2014-0008.NASL
description: The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries :
- The bundled version of Apache Struts contains a code execution flaw. Note that 5.0 Update 3c only addresses this vulnerability. (CVE-2014-0114)
- The bundled tc-server / Apache Tomcat contains multiple vulnerabilities. (CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050)
- The bundled version of Oracle JRE is prior to 1.7.0_55 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.5 of vCenter.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77728
published: 2014-09-17
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/77728
title: VMware Security Updates for vCenter Server (VMSA-2014-0008)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-2183.NASL
description: This update fixes a denial of service vulnerability which could be triggered by specially crafted input if the buffer used by the MultipartStream was not big enough. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-02-18
plugin id: 72545
published: 2014-02-18
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/72545
title: Fedora 19 : apache-commons-fileupload-1.3-5.fc19 (2014-2183)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-0253.NASL
description: Updated Red Hat JBoss Enterprise Application Platform 6.2.1 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in the JBoss Web component of JBoss EAP, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request.
(CVE-2014-0050)

Warning: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

All users of Red Hat JBoss Enterprise Application Platform 6.2.1 on Red Hat Enterprise Linux 5 and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 72853
published: 2014-03-06
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/72853
title: RHEL 5 / 6 : JBoss EAP (RHSA-2014:0253)

NASL family: Windows
NASL id: STRUTS_2_3_16_1_WIN_LOCAL.NASL
description: This plugin has been deprecated and replaced by struts_2_3_16_1.nasl (plugin ID 117393).
last seen: 2019-02-21
modified: 2018-09-12
plugin id: 81105
published: 2015-01-30
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=81105
title: Apache Struts 2.0.0 < 2.3.16.1 Multiple Vulnerabilities (credentialed check) (Deprecated)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2856.NASL
description: It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition.
last seen: 2020-03-17
modified: 2014-02-10
plugin id: 72401
published: 2014-02-10
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/72401
title: Debian DSA-2856-1 : libcommons-fileupload-java - denial of service

NASL family: Web Servers
NASL id: TOMCAT_7_0_52.NASL
description: According to its self-reported version number, the instance of Apache Tomcat 7.0.x listening on the remote host is prior to 7.0.52.
It is, therefore, affected by an error related to handling
last seen: 2020-03-18
modified: 2014-02-25
plugin id: 72692
published: 2014-02-25
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/72692
title: Apache Tomcat 7.0.x < 7.0.52 Content-Type DoS

NASL family: Misc.
NASL id: STRUTS_2_3_16_1.NASL
description: The version of Apache Struts running on the remote host is 2.x prior to 2.3.16.2. It, therefore, is affected by multiple vulnerabilities:
- A denial of service vulnerability exists in MultipartStream.java in Apache Commons FileUpload due to failure to handle exceptional conditions. A remote, unauthenticated attacker can exploit this issue to cause the application to enter an infinite loop which may cause a denial of service condition. (CVE-2014-0050)
- A class loader manipulation flaw exists in ParameterInterceptor due to improper validation of input data. An attacker can exploit this issue to bypass certain security restrictions and manipulate the ClassLoader. (CVE-2015-0094)
Note that Nessus has not tested for these issues but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117393
published: 2018-09-10
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117393
title: Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020)

NASL family: Web Servers
NASL id: WEBSPHERE_8_5_5_2.NASL
description: IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities :
- Numerous errors exist related to the included IBM SDK for Java (based on the Oracle JDK) that could allow denial of service attacks and information disclosure.
(CVE-2013-5372, CVE-2013-5780, CVE-2013-5803)
- User input validation errors exist related to the Administrative console and the OAuth component that could allow cross-site scripting attacks. (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777, CVE-2013-6738 / PI05661)
- An error exists due to a failure to properly handle web services endpoint requests that could allow denial of service attacks. (CVE-2013-6325 / PM99450, PI08267)
- An error exists in the included IBM Global Security Kit related to SSL handling that could allow denial of service attacks. (CVE-2013-6329 / PI05309)
- A flaw exists with the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 74235
published: 2014-05-29
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74235
title: IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-0429.NASL
description: From Red Hat Security Advisory 2014:0429 :

Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests.
(CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73677
published: 2014-04-24
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73677
title: Oracle Linux 6 : tomcat6 (ELSA-2014-0429)

NASL family: CGI abuses
NASL id: WEBSPHERE_PORTAL_CVE-2014-0050.NASL
description: The version of IBM WebSphere Portal on the remote host is affected by a denial of service vulnerability in the Apache Commons FileUpload library that allows an attacker to cause the application to enter an infinite loop.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 74293
published: 2014-06-03
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74293
title: IBM WebSphere Portal Apache Commons FileUpload DoS

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2897.NASL
description: Multiple security issues were found in the Tomcat servlet and JSP engine :
- CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim
last seen: 2020-03-17
modified: 2014-04-09
plugin id: 73421
published: 2014-04-09
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73421
title: Debian DSA-2897-1 : tomcat7 - security update

NASL family: CGI abuses
NASL id: ORACLE_EIDS_CPU_OCT_2014.NASL
description: The remote host is running a version of Oracle Endeca Information Discovery Studio that may be missing a vendor-supplied security patch that fixes multiple bugs and OpenSSL related security vulnerabilities. Note that depending on how the remote host is configured, Nessus may not be able to detect the correct version. You
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78603
published: 2014-10-21
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78603
title: Oracle Endeca Information Discovery Studio Multiple Vulnerabilities (October 2014 CPU)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2014-312.NASL
description: MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73231
published: 2014-03-28
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/73231
title: Amazon Linux AMI : tomcat7 (ALAS-2014-312)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20140423_TOMCAT6_ON_SL6_X.NASL
description: It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream.
A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

Tomcat must be restarted for this update to take effect.

last seen: 2020-03-18
modified: 2014-04-24
plugin id: 73679
published: 2014-04-24
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73679
title: Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140423)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-0865.NASL
description: From Red Hat Security Advisory 2014:0865 :

Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)

The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.

This update also fixes the following bugs :
* The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528)
* The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602)

All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76442
published: 2014-07-10
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76442
title: Oracle Linux 6 : tomcat6 (ELSA-2014-0865)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-0429.NASL
description: Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73678
published: 2014-04-24
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73678
title: RHEL 6 : tomcat6 (RHSA-2014:0429)

NASL family: VMware ESX Local Security Checks
NASL id: VMWARE_VMSA-2014-0008.NASL
description: a. vCenter Server Apache Struts Update

The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue.

b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates

tc-server has been updated to version 2.9.5 to address multiple security issues. This version of tc-server includes Apache Tomcat 7.0.52. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050 to these issues.

c. Update to ESXi glibc package

glibc is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to these issues.

d. vCenter and Update Manager, Oracle JRE 1.7 Update 55

Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014. The References section provides a link to this advisory.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77630
published: 2014-09-11
reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/77630
title: VMSA-2014-0008 : VMware vSphere product updates to third-party libraries

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2014-0429.NASL
description: Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing JBoss Web to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73675
published: 2014-04-24
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73675
title: CentOS 6 : tomcat6 (CESA-2014:0429)

NASL family: CGI abuses
NASL id: WEBSPHERE_PORTAL_8_0_0_1_CF12.NASL
description: The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities :
- A denial of service vulnerability exists in the Apache Commons FileUpload library that allows an attacker to cause the application to enter an infinite loop.
(CVE-2014-0050)
- An unspecified denial of service vulnerability exists that allows a remote attacker to crash the host by sending a specially crafted web request. (CVE-2014-0949)
- A cross-site scripting (XSS) vulnerability exists in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 74156
published: 2014-05-23
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74156
title: IBM WebSphere Portal 8.x < 8.0.0.1 CF12 Multiple Vulnerabilities

NASL family: Web Servers
NASL id: WEBSPHERE_7_0_0_33.NASL
description: IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities :
- A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880)
- A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309)
- A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345)
- A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661)
- A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of an SSL/TLS connection.
A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443)
- A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162)
- A denial of service flaw exists in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76967
published: 2014-08-01
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76967
title: IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-0526.NASL
description: Updated tomcat7 packages that fix three security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request.
A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request. (CVE-2014-0050)

All users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these updated tomcat7 packages, which contain backported patches to correct these issues. The Red Hat JBoss Web Server process must be restarted for the update to take effect.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 76241
published: 2014-06-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/76241
title: RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0526)

NASL family: Web Servers
NASL id: TOMCAT_8_0_3.NASL
description: According to its self-reported version number, the instance of Apache Tomcat 8.0.x listening on the remote host is a version prior to 8.0.3. It is, therefore, affected by a denial of service vulnerability due to an error related to handling
last seen: 2020-03-18
modified: 2014-02-25
plugin id: 72693
published: 2014-02-25
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/72693 title Apache Tomcat 8.0.x < 8.0.3 Content-Type DoS NASL family Scientific Linux Local Security Checks NASL id SL_20140709_TOMCAT6_ON_SL6_X.NASL description It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) This update also fixes the following bugs : - The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. - The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. Tomcat must be restarted for this update to take effect. last seen 2020-03-18 modified 2014-07-10 plugin id 76450 published 2014-07-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/76450 title Scientific Linux Security Update : tomcat6 on SL6.x i386/srpm/x86_64 (20140709) NASL family SuSE Local Security Checks NASL id SUSE_11_JAKARTA-COMMONS-FILEUPLOAD-140403.NASL description This update fixes a security issue with jakarta-commons-fileupload : - denial of service due to too-small buffer size used (CVE-2014-0050). (bnc#862781) last seen 2020-06-05 modified 2014-04-18 plugin id 73609 published 2014-04-18 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73609 title SuSE 11.3 Security Update : jakarta-commons-fileupload (SAT Patch Number 9087) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-298.NASL description This jakarta-commons-fileupload update fixes the follwoing security issue : - bnc#862781: Fixed buffer overflow and resulting DoS (CVE-2014-0050). last seen 2020-06-05 modified 2014-06-13 plugin id 75325 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75325 title openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2014:0527-1) NASL family Misc. NASL id VMWARE_ORCHESTRATOR_VMSA_2014_0007.NASL description The version of VMware vCenter Orchestrator installed on the remote host is 5.5.x prior to 5.5.2. It is, therefore, affected by a denial of service vulnerability due to an error that exists in the included Apache Tomcat version related to handling last seen 2020-06-01 modified 2020-06-02 plugin id 78671 published 2014-10-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78671 title VMware vCenter Orchestrator 5.5.x < 5.5.2 DoS (VMSA-2014-0007)
Seebug
SSV:61443
- bulletinFamily: exploit
- title: Apache Commons FileUpload/Apache Tomcat Denial of Service Vulnerability
- published 2014-02-13, modified 2014-02-13, last seen 2017-11-19
- reporter: Root
- source: https://www.seebug.org/vuldb/ssvid-61443
- description: BUGTRAQ ID: 65400. CVE(CAN) ID: CVE-2014-0050. The Apache Commons FileUpload package adds high-performance file upload functionality to servlets and web applications. Apache Tomcat is a popular open-source JSP application server. Apache Commons FileUpload contains a vulnerability in the parsing of malformed Content-Type headers; using a specially crafted request, a remote attacker could crash the program. Affected: Commons FileUpload 1.0-1.3; Apache Tomcat 8.0.0-RC1-8.0.1; Apache Tomcat 7.0.0-7.0.50; Apache Tomcat 6. Vendor patch: Apache ----- Upgrade to Commons FileUpload 1.3.1, or Tomcat 8.0.2, 7.0.51 or later, to fix this vulnerability: http://commons.apache.org/

SSV:84935
- bulletinFamily: exploit
- title: Apache Commons FileUpload and Apache Tomcat - Denial-of-Service
- published 2014-07-01, modified 2014-07-01, last seen 2017-11-19
- reporter: Root
- source: https://www.seebug.org/vuldb/ssvid-84935
- description: No description provided by source.
References
- http://jvn.jp/en/jp/JVN14876762/index.html
- http://tomcat.apache.org/security-8.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1062337
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017
- http://svn.apache.org/r1565143
- http://tomcat.apache.org/security-7.html
- http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
- http://rhn.redhat.com/errata/RHSA-2014-0400.html
- http://secunia.com/advisories/57915
- http://www-01.ibm.com/support/docview.wss?uid=swg21676410
- http://secunia.com/advisories/58976
- http://secunia.com/advisories/59232
- http://secunia.com/advisories/59183
- http://secunia.com/advisories/59500
- http://www-01.ibm.com/support/docview.wss?uid=swg21676401
- http://secunia.com/advisories/58075
- http://www-01.ibm.com/support/docview.wss?uid=swg21677724
- http://www-01.ibm.com/support/docview.wss?uid=swg21676853
- http://secunia.com/advisories/59187
- http://www-01.ibm.com/support/docview.wss?uid=swg21675432
- http://secunia.com/advisories/59041
- http://secunia.com/advisories/59185
- http://secunia.com/advisories/59492
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html
- http://www.securityfocus.com/bid/65400
- http://secunia.com/advisories/59039
- http://secunia.com/advisories/59725
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html
- http://secunia.com/advisories/59399
- http://www-01.ibm.com/support/docview.wss?uid=swg21676656
- http://www-01.ibm.com/support/docview.wss?uid=swg21676403
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html
- http://secunia.com/advisories/59184
- http://www-01.ibm.com/support/docview.wss?uid=swg21676405
- http://www.vmware.com/security/advisories/VMSA-2014-0007.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
- http://secunia.com/advisories/60475
- http://secunia.com/advisories/60753
- http://www-01.ibm.com/support/docview.wss?uid=swg21677691
- http://www-01.ibm.com/support/docview.wss?uid=swg21681214
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
- http://advisories.mageia.org/MGASA-2014-0110.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://marc.info/?l=bugtraq&m=143136844732487&w=2
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.ubuntu.com/usn/USN-2130-1
- http://www.debian.org/security/2014/dsa-2856
- http://rhn.redhat.com/errata/RHSA-2014-0253.html
- http://rhn.redhat.com/errata/RHSA-2014-0252.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/archive/1/532549/100/0/threaded
- https://security.gentoo.org/glsa/202107-39
- http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907%40apache.org%3E