Vulnerabilities > CVE-2015-5174 - Path Traversal vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nessus

NVD

Published: 2016-02-25

Updated: 2023-11-07

Summary

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Vulnerable Configurations

Part	Description	Count
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 7.0	2
OS	Canonical Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 15.10 Canonical Ubuntu Linux 14.04	4
Application	Apache Apache Tomcat 7.0.2 Apache Tomcat 6.0.33 Apache Tomcat 6.0.0 Apache Tomcat 6.0.39 Apache Tomcat 7.0.12 Apache Tomcat 7.0.62 Apache Tomcat 8.0.17 Apache Tomcat 7.0.53 Apache Tomcat 6.0.4 Apache Tomcat 7.0.20 Apache Tomcat 6.0.11 Apache Tomcat 7.0.34 Apache Tomcat 8.0.26 Apache Tomcat 7.0.55 Apache Tomcat 7.0.4 Apache Tomcat 7.0.63 Apache Tomcat 8.0.20 Apache Tomcat 7.0.22 Apache Tomcat 7.0.39 Apache Tomcat 7.0.26 Apache Tomcat 7.0.28 Apache Tomcat 8.0.1 Apache Tomcat 8.0.0 Apache Tomcat 7.0.59 Apache Tomcat 6.0.44 Apache Tomcat 7.0.50 Apache Tomcat 7.0.6 Apache Tomcat 6.0.20 Apache Tomcat 8.0.12 Apache Tomcat 7.0.14 Apache Tomcat 6.0.10 Apache Tomcat 8.0.15 Apache Tomcat 6.0.29 Apache Tomcat 7.0.11 Apache Tomcat 7.0.23 Apache Tomcat 7.0.0 Apache Tomcat 6.0.1 Apache Tomcat 6.0.24 Apache Tomcat 8.0.22 Apache Tomcat 6.0.37 Apache Tomcat 7.0.52 Apache Tomcat 7.0.42 Apache Tomcat 6.0.32 Apache Tomcat 6.0.28 Apache Tomcat 7.0.37 Apache Tomcat 7.0.29 Apache Tomcat 8.0.11 Apache Tomcat 8.0.24 Apache Tomcat 8.0.23 Apache Tomcat 7.0.47 Apache Tomcat 7.0.5 Apache Tomcat 8.0.21 Apache Tomcat 6.0.14 Apache Tomcat 7.0.41 Apache Tomcat 7.0.30 Apache Tomcat 7.0.19 Apache Tomcat 7.0.16 Apache Tomcat 6.0.41 Apache Tomcat 7.0.10 Apache Tomcat 8.0.18 Apache Tomcat 7.0.25 Apache Tomcat 7.0.54 Apache Tomcat 7.0.35 Apache Tomcat 7.0.61 Apache Tomcat 6.0.18 Apache Tomcat 7.0.57 Apache Tomcat 6.0.2 Apache Tomcat 8.0.14 Apache Tomcat 7.0.32 Apache Tomcat 6.0.43 Apache Tomcat 7.0.21 Apache Tomcat 7.0.27 Apache Tomcat 7.0.40 Apache Tomcat 6.0.30 Apache Tomcat 6.0.13 Apache Tomcat 7.0.56 Apache Tomcat 6.0.26 Apache Tomcat 7.0.64 Apache Tomcat 6.0.35 Apache Tomcat 6.0.16 Apache Tomcat 6.0.36 Apache Tomcat 7.0.33	90

Common Weakness Enumeration (CWE)

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Common Attack Pattern Enumeration and Classification (CAPEC)

Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
Directory Traversal
An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
File System Function Injection, Content Based
An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
Using Slashes and URL Encoding Combined to Bypass Validation Logic
This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
Manipulating Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-1433.NASL
description	An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix(es) : * It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141) More information about this vulnerability is available at: https:// access.redhat.com/articles/2360521 * A directory traversal flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	92451
published	2016-07-20
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92451
title	RHEL 6 : JBoss EAP (RHSA-2016:1433)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:1433. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(92451); script_version("2.14"); script_cvs_date("Date: 2019/10/24 15:35:41"); script_cve_id("CVE-2015-5174", "CVE-2016-2141"); script_xref(name:"RHSA", value:"2016:1433"); script_name(english:"RHEL 6 : JBoss EAP (RHSA-2016:1433)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix(es) : * It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141) More information about this vulnerability is available at: https:// access.redhat.com/articles/2360521 * A directory traversal flaw was found in Tomcat's and JBoss Web's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174) The CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat)." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:1433" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-5174" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2141" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-cxf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glassfish-jsf-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-validator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hornetq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-security"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-version"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-web"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-jsf-api_2.1_spec"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-msc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-domain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketlink-bindings"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketlink-federation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xalan-j2-eap6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/25"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:1433"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL6", rpm:"jbossas-welcome-content-eap"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP"); if (rpm_check(release:"RHEL6", reference:"apache-cxf-2.7.18-2.SP1_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"glassfish-jsf-eap6-2.1.28-11.SP10_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"hibernate4-validator-4.3.3-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"hornetq-2.3.25-13.SP11_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-appclient-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-cli-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-client-all-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-clustering-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-cmp-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-configadmin-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-connector-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-controller-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-controller-client-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-core-security-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-deployment-repository-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-deployment-scanner-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-domain-http-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-domain-management-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-ee-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-ee-deployment-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-ejb3-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-embedded-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-host-controller-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jacorb-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jaxr-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jaxrs-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jdr-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jmx-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jpa-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jsf-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jsr77-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-logging-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-mail-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-management-client-content-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-messaging-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-modcluster-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-naming-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-network-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-configadmin-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-service-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-picketlink-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-platform-mbean-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-pojo-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-process-controller-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-protocol-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-remoting-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-sar-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-security-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-server-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-system-jmx-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-threads-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-transactions-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-version-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-web-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-webservices-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-weld-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-xts-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-jsf-api_2.1_spec-2.1.28-6.SP2_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-msc-1.1.6-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-appclient-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-bundles-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-core-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-domain-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-javadocs-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-modules-eap-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-product-eap-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-standalone-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-welcome-content-eap-7.5.9-2.Final_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossts-4.17.34-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossweb-7.5.17-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"picketlink-bindings-2.5.4-11.SP9_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"picketlink-federation-2.5.4-11.SP9_redhat_2.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"xalan-j2-eap6-2.7.1-11.redhat_11.1.ep6.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-cxf / glassfish-jsf-eap6 / hibernate4-validator / hornetq / etc"); } }

NASL family	Junos Local Security Checks
NASL id	JUNIPER_SPACE_JSA_10838.NASL
description	According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	108520
published	2018-03-21
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108520
title	Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(108520); script_version("1.7"); script_cvs_date("Date: 2019/06/11 15:17:50"); script_cve_id( "CVE-2015-5174", "CVE-2015-5188", "CVE-2015-5220", "CVE-2015-5304", "CVE-2015-7236", "CVE-2015-7501", "CVE-2016-2141", "CVE-2016-8743", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-12172", "CVE-2017-14106", "CVE-2017-15098", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-5645", "CVE-2017-5664", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798", "CVE-2018-0011", "CVE-2018-0012", "CVE-2018-0013" ); script_bugtraq_id( 57974, 76771, 77345, 78215, 79788, 83329, 91481, 95077, 97702, 98888, 99134, 99135, 99137, 99170, 99569, 100262, 100267, 100872, 100878, 101781, 101949 ); script_name(english:"Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)"); script_summary(english:"Checks the version."); script_set_attribute(attribute:"synopsis", value: "The remote device is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10838"); script_set_attribute(attribute:"solution", value:"Upgrade to Junos Space 17.2R1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/27"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_space"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Junos_Space/version"); exit(0); } include("junos.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit('Host/Junos_Space/version'); check_junos_space(ver:ver, fix:'17.2R1', severity:SECURITY_HOLE);

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-1432.NASL
description	A jboss-ec2-eap update is now available for Red Hat JBoss Enterprise Application Platform 6.4.0 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.9. Security Fix(es) : * It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141) More information about this vulnerability is available at: https:// access.redhat.com/articles/2360521 * A directory traversal flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	92401
published	2016-07-19
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/92401
title	RHEL 6 : jboss-ec2-eap (RHSA-2016:1432)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:1432. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(92401); script_version("2.14"); script_cvs_date("Date: 2019/10/24 15:35:41"); script_cve_id("CVE-2015-5174", "CVE-2016-2141"); script_xref(name:"RHSA", value:"2016:1432"); script_name(english:"RHEL 6 : jboss-ec2-eap (RHSA-2016:1432)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A jboss-ec2-eap update is now available for Red Hat JBoss Enterprise Application Platform 6.4.0 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.9. Security Fix(es) : * It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141) More information about this vulnerability is available at: https:// access.redhat.com/articles/2360521 * A directory traversal flaw was found in Tomcat's and JBoss Web's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174) The CVE-2016-2141 issue was discovered by Dennis Reed (Red Hat)." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:1432" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-5174" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2141" ); script_set_attribute( attribute:"solution", value: "Update the affected jboss-ec2-eap and / or jboss-ec2-eap-samples packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap-samples"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/25"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:1432"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"jboss-ec2-eap-7.5.9-2.Final_redhat_2.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-ec2-eap-samples-7.5.9-2.Final_redhat_2.ep6.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jboss-ec2-eap / jboss-ec2-eap-samples"); } }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-2599.NASL
description	From Red Hat Security Advisory 2016:2599 : An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928) Security Fix(es) : * A CSRF flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	94718
published	2016-11-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94718
title	Oracle Linux 7 : tomcat (ELSA-2016-2599)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:2599 and # Oracle Linux Security Advisory ELSA-2016-2599 respectively. # include("compat.inc"); if (description) { script_id(94718); script_version("2.6"); script_cvs_date("Date: 2019/09/27 13:00:37"); script_cve_id("CVE-2014-0230", "CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-3092"); script_xref(name:"RHSA", value:"2016:2599"); script_name(english:"Oracle Linux 7 : tomcat (ELSA-2016-2599)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2016:2599 : An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928) Security Fix(es) : * A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763) * A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092) * A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174) * It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345) * It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-November/006483.html" ); script_set_attribute( attribute:"solution", value:"Update the affected tomcat packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-admin-webapps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-docs-webapp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-el-2.2-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-jsvc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tomcat-webapps"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-admin-webapps-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-docs-webapp-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-el-2.2-api-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-javadoc-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-jsp-2.2-api-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-jsvc-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-lib-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-servlet-3.0-api-7.0.69-10.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tomcat-webapps-7.0.69-10.el7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-2045.NASL
description	From Red Hat Security Advisory 2016:2045 : An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388) * A directory traversal flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	93947
published	2016-10-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93947
title	Oracle Linux 6 : tomcat6 (ELSA-2016-2045) (httpoxy)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2016-1054.NASL
description	According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.(CVE-2015-5174) - The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.(CVE-2015-5345) - The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.(CVE-2015-5351) - Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.(CVE-2016-0706) - The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.(CVE-2016-0714) - The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.(CVE-2016-0763) - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.(CVE-2016-3092) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2017-05-01
plugin id	99816
published	2017-05-01
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99816
title	EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1054)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3609.NASL
description	Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.
last seen	2020-06-01
modified	2020-06-02
plugin id	91906
published	2016-07-01
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91906
title	Debian DSA-3609-1 : tomcat8 - security update

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3024-1.NASL
description	It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174) It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5345) It was discovered that Tomcat incorrectly handled different session settings when multiple versions of the same web application was deployed. A remote attacker could possibly use this issue to hijack web sessions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5346) It was discovered that the Tomcat Manager and Host Manager applications incorrectly handled new requests. A remote attacker could possibly use this issue to bypass CSRF protection mechanisms. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5351) It was discovered that Tomcat did not place StatusManagerServlet on the RestrictedServlets list. A remote attacker could possibly use this issue to read arbitrary HTTP requests, including session ID values. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0706) It was discovered that the Tomcat session-persistence implementation incorrectly handled session attributes. A remote attacker could possibly use this issue to execute arbitrary code in a privileged context. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0714) It was discovered that the Tomcat setGlobalContext method incorrectly checked if callers were authorized. A remote attacker could possibly use this issue to read or wite to arbitrary application data, or cause a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0763) It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-3092). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	91954
published	2016-07-06
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91954
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : tomcat6, tomcat7 vulnerabilities (USN-3024-1)

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL30971148.NASL
description	Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174) Impact A remote authenticated user may bypass the security manager to obtain a directory listing for the directory where the web application was deployed. BIG-IP/Enterprise Manager The level of access required to create and deploy a malicious web application implies a user with a significant trust level (for example: root). BIG-IP and Enterprise Manager systems do not support customized web applications within the Tomcat configuration. Traffix SDC Exploitation of this vulnerability may occur if an attacker has access to the local network of the system; the Tomcat service is accessible only from the internal network.
last seen	2020-03-19
modified	2017-02-28
plugin id	97421
published	2017-02-28
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97421
title	F5 Networks BIG-IP : Apache Tomcat 6.x vulnerability (K30971148)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-657.NASL
description	A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174) A session fixation vulnerability was discovered that might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request when different session settings are used for deployments of multiple versions of the same web application. (CVE-2015-5346) It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)
last seen	2020-06-01
modified	2020-06-02
plugin id	89838
published	2016-03-11
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89838
title	Amazon Linux AMI : tomcat7 (ALAS-2016-657)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-384.NASL
description	This update for tomcat fixes the following issues : Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues : - CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967) - CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when different session settings are used for deployments of multiple versions of the same web application, might have allowed remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. (bsc#967814) - CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, which allowed remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (bsc#967965) - CVE-2015-5351: The (1) Manager and (2) Host Manager applications in Apache Tomcat established sessions and send CSRF tokens for arbitrary new requests, which allowed remote attackers to bypass a CSRF protection mechanism by using a token. (bsc#967812) - CVE-2016-0706: Apache Tomcat did not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (bsc#967815) - CVE-2016-0714: The session-persistence implementation in Apache Tomcat mishandled session attributes, which allowed remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (bsc#967964) - CVE-2016-0763: The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. (bsc#967966) The full changes can be read on: http://tomcat.apache.org/tomcat-8.0-doc/changelog.html This update was imported from the SUSE:SLE-12-SP1:Update update project.
last seen	2020-06-05
modified	2016-03-24
plugin id	90136
published	2016-03-24
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90136
title	openSUSE Security Update : tomcat (openSUSE-2016-384)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3552.NASL
description	Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections and bypass of the SecurityManager.
last seen	2020-06-01
modified	2020-06-02
plugin id	90552
published	2016-04-18
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90552
title	Debian DSA-3552-1 : tomcat7 - security update

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2045.NASL
description	An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388) * A directory traversal flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	93950
published	2016-10-11
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93950
title	RHEL 6 : tomcat6 (RHSA-2016:2045) (httpoxy)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20161010_TOMCAT6_ON_SL6_X.NASL
description	Security Fix(es) : - It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) - It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) - It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388) - A directory traversal flaw was found in Tomcat
last seen	2020-03-18
modified	2016-10-12
plugin id	94004
published	2016-10-12
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94004
title	Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-2599.NASL
description	An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928) Security Fix(es) : * A CSRF flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	95345
published	2016-11-28
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95345
title	CentOS 7 : tomcat (CESA-2016:2599)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20161103_TOMCAT_ON_SL7_X.NASL
description	The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). Security Fix(es) : - A CSRF flaw was found in Tomcat
last seen	2020-03-18
modified	2016-12-15
plugin id	95863
published	2016-12-15
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95863
title	Scientific Linux Security Update : tomcat on SL7.x (noarch) (20161103)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3530.NASL
description	Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.
last seen	2020-06-01
modified	2020-06-02
plugin id	90205
published	2016-03-28
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90205
title	Debian DSA-3530-1 : tomcat6 - security update

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-2660.NASL
description	Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server. (CVE-2014-0230) A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. (CVE-2013-5704) Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183) * This enhancement update adds the Red Hat JBoss Web Server 3.0.2 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-229) Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
last seen	2020-06-01
modified	2020-06-02
plugin id	87458
published	2015-12-17
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87458
title	RHEL 7 : JBoss Web Server (RHSA-2015:2660)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-435.NASL
description	Tomcat 6, an implementation of the Java Servlet and the JavaServer Pages (JSP) specifications and a pure Java web server environment, was affected by multiple security issues prior version 6.0.45. CVE-2015-5174 Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. CVE-2015-5345 The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.67, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. CVE-2015-5351 The Manager and Host Manager applications in Apache Tomcat establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. CVE-2016-0706 Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache /catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. CVE-2016-0714 The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. CVE-2016-0763 The setGlobalContext method in org/apache/naming/factory /ResourceLinkFactory.java in Apache Tomcat does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. For Debian 6
last seen	2020-03-17
modified	2016-02-29
plugin id	88996
published	2016-02-29
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88996
title	Debian DLA-435-1 : tomcat6 security update

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-1434.NASL
description	An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. Security Fix(es) : * It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. (CVE-2016-2141) More information about this vulnerability is available at: https:// access.redhat.com/articles/2360521 * A directory traversal flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	112244
published	2018-09-04
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/112244
title	RHEL 7 : JBoss EAP (RHSA-2016:1434)

NASL family	Web Servers
NASL id	TOMCAT_7_0_65.NASL
description	According to its self-reported version number, the Apache Tomcat instance listening on the remote host is 7.0.x prior to 7.0.65, or 8.0.x prior to 8.0.27. It is, therefore, affected by the following vulnerability: - A directory traversal vulnerability exists in Tomcat when accessing resources via ServletContext methods using paths beginning with
last seen	2020-03-18
modified	2019-01-11
plugin id	121117
published	2019-01-11
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121117
title	Apache Tomcat 7.0.x < 7.0.65 / 8.0.x < 8.0.27 Directory Traversal

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-2045.NASL
description	An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325) * It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714) * It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388) * A directory traversal flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	93965
published	2016-10-12
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/93965
title	CentOS 6 : tomcat6 (CESA-2016:2045) (httpoxy)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-658.NASL
description	A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174) The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345) It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)
last seen	2020-06-01
modified	2020-06-02
plugin id	89839
published	2016-03-11
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/89839
title	Amazon Linux AMI : tomcat8 (ALAS-2016-658)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-681.NASL
description	A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174) The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345) The session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (CVE-2016-0714) It was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (CVE-2016-0706)
last seen	2020-06-01
modified	2020-06-02
plugin id	90274
published	2016-04-01
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90274
title	Amazon Linux AMI : tomcat6 (ALAS-2016-681)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2599.NASL
description	An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928) Security Fix(es) : * A CSRF flaw was found in Tomcat
last seen	2020-06-01
modified	2020-06-02
plugin id	94562
published	2016-11-04
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94562
title	RHEL 7 : tomcat (RHSA-2016:2599)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201705-09.NASL
description	The remote host is affected by the vulnerability described in GLSA-201705-09 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition, obtain sensitive information, bypass protection mechanisms and authentication restrictions. A local attacker, who is a tomcat’s system user or belongs to tomcat’s group, could potentially escalate privileges. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	100262
published	2017-05-18
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100262
title	GLSA-201705-09 : Apache Tomcat: Multiple vulnerabilities

NASL family	Web Servers
NASL id	TOMCAT_6_0_45.NASL
description	According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.45. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the getResource(), getResourceAsStream(), and getResourcePaths() ServletContext methods due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted path traversal request, to gain access to the listing of directory contents. (CVE-2015-5174) - An information disclosure vulnerability exists due to a failure to enforce access restrictions when handling directory requests that are missing trailing slashes. An unauthenticated, remote attacker can exploit this to enumerate valid directories. (CVE-2015-5345) - An information disclosure vulnerability exists that allows a specially crafted web application to load the StatusManagerServlet. An attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706) - A security bypass vulnerability exists due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An unauthenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code. (CVE-2016-0714) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
last seen	2020-03-18
modified	2016-02-24
plugin id	88935
published	2016-02-24
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/88935
title	Apache Tomcat 6.0.x < 6.0.45 Multiple Vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-2659.NASL
description	Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server. (CVE-2014-0230) A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. (CVE-2013-5704) Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183) * This enhancement update adds the Red Hat JBoss Web Server 3.0.2 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-228) Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
last seen	2020-06-01
modified	2020-06-02
plugin id	87457
published	2015-12-17
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87457
title	RHEL 6 : JBoss Web Server (RHSA-2015:2659)

Redhat

advisories

rhsa
id RHSA-2016:1432
rhsa
id RHSA-2016:1433
rhsa
id RHSA-2016:1434
rhsa
id RHSA-2016:1435
rhsa
id RHSA-2016:2045
rhsa
id RHSA-2016:2599

rpms

tomcat7-0:7.0.54-21_patch_05.ep6.el5
tomcat7-0:7.0.54-21_patch_05.ep6.el6
tomcat7-0:7.0.54-21_patch_05.ep6.el7
tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el5
tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el6
tomcat7-admin-webapps-0:7.0.54-21_patch_05.ep6.el7
tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el5
tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el6
tomcat7-docs-webapp-0:7.0.54-21_patch_05.ep6.el7
tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el5
tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el6
tomcat7-el-2.2-api-0:7.0.54-21_patch_05.ep6.el7
tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el5
tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el6
tomcat7-javadoc-0:7.0.54-21_patch_05.ep6.el7
tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el5
tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el6
tomcat7-jsp-2.2-api-0:7.0.54-21_patch_05.ep6.el7
tomcat7-lib-0:7.0.54-21_patch_05.ep6.el5
tomcat7-lib-0:7.0.54-21_patch_05.ep6.el6
tomcat7-lib-0:7.0.54-21_patch_05.ep6.el7
tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el5
tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el6
tomcat7-log4j-0:7.0.54-21_patch_05.ep6.el7
tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el5
tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el6
tomcat7-maven-devel-0:7.0.54-21_patch_05.ep6.el7
tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el5
tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el6
tomcat7-servlet-3.0-api-0:7.0.54-21_patch_05.ep6.el7
tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el5
tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el6
tomcat7-webapps-0:7.0.54-21_patch_05.ep6.el7
apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el6
apache-commons-collections-tomcat-eap6-0:3.2.1-18.redhat_7.1.ep6.el6
httpd24-0:2.4.6-59.ep7.el6
httpd24-debuginfo-0:2.4.6-59.ep7.el6
httpd24-devel-0:2.4.6-59.ep7.el6
httpd24-manual-0:2.4.6-59.ep7.el6
httpd24-tools-0:2.4.6-59.ep7.el6
mod_bmx-0:0.9.5-7.GA.ep7.el6
mod_bmx-debuginfo-0:0.9.5-7.GA.ep7.el6
mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el6
mod_cluster-native-debuginfo-0:1.3.1-6.Final_redhat_2.ep7.el6
mod_ldap24-0:2.4.6-59.ep7.el6
mod_proxy24_html-1:2.4.6-59.ep7.el6
mod_session24-0:2.4.6-59.ep7.el6
mod_ssl24-1:2.4.6-59.ep7.el6
tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el6
tomcat7-0:7.0.59-42_patch_01.ep7.el6
tomcat7-admin-webapps-0:7.0.59-42_patch_01.ep7.el6
tomcat7-docs-webapp-0:7.0.59-42_patch_01.ep7.el6
tomcat7-el-2.2-api-0:7.0.59-42_patch_01.ep7.el6
tomcat7-javadoc-0:7.0.59-42_patch_01.ep7.el6
tomcat7-jsp-2.2-api-0:7.0.59-42_patch_01.ep7.el6
tomcat7-lib-0:7.0.59-42_patch_01.ep7.el6
tomcat7-log4j-0:7.0.59-42_patch_01.ep7.el6
tomcat7-servlet-3.0-api-0:7.0.59-42_patch_01.ep7.el6
tomcat7-webapps-0:7.0.59-42_patch_01.ep7.el6
tomcat8-0:8.0.18-52_patch_01.ep7.el6
tomcat8-admin-webapps-0:8.0.18-52_patch_01.ep7.el6
tomcat8-docs-webapp-0:8.0.18-52_patch_01.ep7.el6
tomcat8-el-2.2-api-0:8.0.18-52_patch_01.ep7.el6
tomcat8-javadoc-0:8.0.18-52_patch_01.ep7.el6
tomcat8-jsp-2.3-api-0:8.0.18-52_patch_01.ep7.el6
tomcat8-lib-0:8.0.18-52_patch_01.ep7.el6
tomcat8-log4j-0:8.0.18-52_patch_01.ep7.el6
tomcat8-servlet-3.1-api-0:8.0.18-52_patch_01.ep7.el6
tomcat8-webapps-0:8.0.18-52_patch_01.ep7.el6
apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el7
apache-commons-collections-tomcat-eap6-0:3.2.1-18.redhat_7.1.ep6.el7
httpd24-0:2.4.6-59.ep7.el7
httpd24-debuginfo-0:2.4.6-59.ep7.el7
httpd24-devel-0:2.4.6-59.ep7.el7
httpd24-manual-0:2.4.6-59.ep7.el7
httpd24-tools-0:2.4.6-59.ep7.el7
mod_bmx-0:0.9.5-7.GA.ep7.el7
mod_bmx-debuginfo-0:0.9.5-7.GA.ep7.el7
mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el7
mod_cluster-native-debuginfo-0:1.3.1-6.Final_redhat_2.ep7.el7
mod_ldap24-0:2.4.6-59.ep7.el7
mod_proxy24_html-1:2.4.6-59.ep7.el7
mod_session24-0:2.4.6-59.ep7.el7
mod_ssl24-1:2.4.6-59.ep7.el7
tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el7
tomcat7-0:7.0.59-42_patch_01.ep7.el7
tomcat7-admin-webapps-0:7.0.59-42_patch_01.ep7.el7
tomcat7-docs-webapp-0:7.0.59-42_patch_01.ep7.el7
tomcat7-el-2.2-api-0:7.0.59-42_patch_01.ep7.el7
tomcat7-javadoc-0:7.0.59-42_patch_01.ep7.el7
tomcat7-jsp-2.2-api-0:7.0.59-42_patch_01.ep7.el7
tomcat7-lib-0:7.0.59-42_patch_01.ep7.el7
tomcat7-log4j-0:7.0.59-42_patch_01.ep7.el7
tomcat7-servlet-3.0-api-0:7.0.59-42_patch_01.ep7.el7
tomcat7-webapps-0:7.0.59-42_patch_01.ep7.el7
tomcat8-0:8.0.18-52_patch_01.ep7.el7
tomcat8-admin-webapps-0:8.0.18-52_patch_01.ep7.el7
tomcat8-docs-webapp-0:8.0.18-52_patch_01.ep7.el7
tomcat8-el-2.2-api-0:8.0.18-52_patch_01.ep7.el7
tomcat8-javadoc-0:8.0.18-52_patch_01.ep7.el7
tomcat8-jsp-2.3-api-0:8.0.18-52_patch_01.ep7.el7
tomcat8-lib-0:8.0.18-52_patch_01.ep7.el7
tomcat8-log4j-0:8.0.18-52_patch_01.ep7.el7
tomcat8-servlet-3.1-api-0:8.0.18-52_patch_01.ep7.el7
tomcat8-webapps-0:8.0.18-52_patch_01.ep7.el7
jboss-ec2-eap-0:7.5.9-2.Final_redhat_2.ep6.el6
jboss-ec2-eap-samples-0:7.5.9-2.Final_redhat_2.ep6.el6
apache-cxf-0:2.7.18-2.SP1_redhat_1.1.ep6.el6
glassfish-jsf-eap6-0:2.1.28-11.SP10_redhat_1.1.ep6.el6
hibernate4-validator-0:4.3.3-1.Final_redhat_1.1.ep6.el6
hornetq-0:2.3.25-13.SP11_redhat_1.1.ep6.el6
jboss-as-appclient-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-cli-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-client-all-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-clustering-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-cmp-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-configadmin-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-connector-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-controller-client-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-core-security-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-deployment-repository-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-deployment-scanner-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-domain-http-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-domain-management-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-ee-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-ee-deployment-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-ejb3-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-embedded-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-host-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-jacorb-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-jaxr-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-jaxrs-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-jdr-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-jmx-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-jpa-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-jsf-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-jsr77-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-logging-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-mail-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-management-client-content-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-messaging-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-modcluster-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-naming-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-network-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-osgi-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-osgi-configadmin-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-osgi-service-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-picketlink-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-platform-mbean-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-pojo-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-process-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-protocol-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-remoting-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-sar-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-security-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-server-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-system-jmx-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-threads-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-transactions-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-version-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-web-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-webservices-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-weld-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-as-xts-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jboss-jsf-api_2.1_spec-0:2.1.28-6.SP2_redhat_1.1.ep6.el6
jboss-msc-0:1.1.6-1.Final_redhat_1.1.ep6.el6
jbossas-appclient-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossas-bundles-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossas-core-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossas-domain-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossas-javadocs-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossas-modules-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossas-product-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossas-standalone-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossas-welcome-content-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el6
jbossts-1:4.17.34-1.Final_redhat_1.1.ep6.el6
jbossweb-0:7.5.17-1.Final_redhat_1.1.ep6.el6
picketlink-bindings-0:2.5.4-11.SP9_redhat_2.1.ep6.el6
picketlink-federation-0:2.5.4-11.SP9_redhat_2.1.ep6.el6
xalan-j2-eap6-0:2.7.1-11.redhat_11.1.ep6.el6
apache-cxf-0:2.7.18-2.SP1_redhat_1.1.ep6.el7
glassfish-jsf-eap6-0:2.1.28-11.SP10_redhat_1.1.ep6.el7
hibernate4-validator-0:4.3.3-1.Final_redhat_1.1.ep6.el7
hornetq-0:2.3.25-13.SP11_redhat_1.1.ep6.el7
jboss-as-appclient-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-cli-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-client-all-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-clustering-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-cmp-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-configadmin-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-connector-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-controller-client-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-core-security-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-deployment-repository-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-deployment-scanner-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-domain-http-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-domain-management-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-ee-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-ee-deployment-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-ejb3-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-embedded-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-host-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-jacorb-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-jaxr-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-jaxrs-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-jdr-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-jmx-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-jpa-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-jsf-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-jsr77-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-logging-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-mail-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-management-client-content-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-messaging-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-modcluster-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-naming-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-network-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-osgi-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-osgi-configadmin-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-osgi-service-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-picketlink-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-platform-mbean-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-pojo-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-process-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-protocol-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-remoting-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-sar-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-security-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-server-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-system-jmx-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-threads-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-transactions-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-version-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-web-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-webservices-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-weld-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-as-xts-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jboss-jsf-api_2.1_spec-0:2.1.28-6.SP2_redhat_1.1.ep6.el7
jboss-msc-0:1.1.6-1.Final_redhat_1.1.ep6.el7
jbossas-appclient-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossas-bundles-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossas-core-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossas-domain-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossas-javadocs-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossas-modules-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossas-product-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossas-standalone-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossas-welcome-content-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el7
jbossts-1:4.17.34-1.Final_redhat_1.1.ep6.el7
jbossweb-0:7.5.17-1.Final_redhat_1.1.ep6.el7
picketlink-bindings-0:2.5.4-11.SP9_redhat_2.1.ep6.el7
picketlink-federation-0:2.5.4-11.SP9_redhat_2.1.ep6.el7
xalan-j2-eap6-0:2.7.1-11.redhat_11.1.ep6.el7
tomcat6-0:6.0.24-98.el6_8
tomcat6-admin-webapps-0:6.0.24-98.el6_8
tomcat6-docs-webapp-0:6.0.24-98.el6_8
tomcat6-el-2.1-api-0:6.0.24-98.el6_8
tomcat6-javadoc-0:6.0.24-98.el6_8
tomcat6-jsp-2.1-api-0:6.0.24-98.el6_8
tomcat6-lib-0:6.0.24-98.el6_8
tomcat6-servlet-2.5-api-0:6.0.24-98.el6_8
tomcat6-webapps-0:6.0.24-98.el6_8
tomcat-0:7.0.69-10.el7
tomcat-admin-webapps-0:7.0.69-10.el7
tomcat-docs-webapp-0:7.0.69-10.el7
tomcat-el-2.2-api-0:7.0.69-10.el7
tomcat-javadoc-0:7.0.69-10.el7
tomcat-jsp-2.2-api-0:7.0.69-10.el7
tomcat-jsvc-0:7.0.69-10.el7
tomcat-lib-0:7.0.69-10.el7
tomcat-servlet-3.0-api-0:7.0.69-10.el7
tomcat-webapps-0:7.0.69-10.el7