Vulnerabilities > CVE-2018-11784 - Open Redirect vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fake the Source of Data An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
Nessus
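NASL family SuSE Local Security Checks
NASL id OPENSUSE-2018-1504.NASL
description This update for tomcat to 9.0.12 fixes the following issues : See the full changelog at: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_( markt) Security issues fixed : - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to
last seen 2020-06-05
modified 2018-12-10
plugin id 119540
published 2018-12-10
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/119540
title openSUSE Security Update : tomcat (openSUSE-2018-1504)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-1504.
#
# The text description of this plugin is (C) SUSE LLC.
#

# Purpose: local package check for the openSUSE-2018-1504 advisory. It compares
# the installed tomcat RPMs on an openSUSE 15.0 host against build
# 9.0.12-lp150.2.6.1 and raises a warning when any of them is flagged.
# The check reads only the collected RPM list; it never requests a URL from
# the server, so it says nothing about a Tomcat that was not installed from
# these packages (NOTE(review): inferred from the KB keys used below).

include("compat.inc");

# Metadata block: evaluated when the scanner loads the plugin in description
# mode; it ends with exit(0) so none of the check logic runs in that mode.
if (description)
{
  script_id(119540);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-11784");

  script_name(english:"openSUSE Security Update : tomcat (openSUSE-2018-1504)");
  script_summary(english:"Check for the openSUSE-2018-1504 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  # The changelog anchor inside the text below contains a stray space
  # ("_( markt)"); the comment ahead of the first see_also shows the anchor
  # without it.
  script_set_attribute(
    attribute:"description",
    value:
      "This update for tomcat to 9.0.12 fixes the following issues : See the full changelog at: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_( markt) Security issues fixed : - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) This update was imported from the SUSE:SLE-15:Update update project."
  );
  # http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b6d8ffdc"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110850"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected tomcat packages."
  );

  # Both vectors record that the victim has to act (AC:M in v2, UI:R in v3)
  # and that only integrity is affected.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-embed");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-jsvc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  # The page's line wrapping had split this literal in two; it is one string.
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, an openSUSE (not SLED/SLES) release
# string, exactly release 15.0, and a collected RPM list.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# One test per package named in the advisory; flag counts the packages that
# rpm_check() reports.
# NOTE(review): rpm_check() lives in rpm.inc, which is not shown here;
# presumably it is true when the installed build is older than the reference.
flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"tomcat-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-admin-webapps-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-docs-webapp-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-el-3_0-api-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-embed-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-javadoc-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-jsp-2_3-api-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-jsvc-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-lib-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-servlet-4_0-api-9.0.12-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tomcat-webapps-9.0.12-lp150.2.6.1") ) flag++;

if (flag)
{
  # Attach the per-package report only when the scan asks for verbose output.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Nothing flagged: tell "packages present but not affected" apart from
  # "none of the packages installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  # The page's line wrapping had split this literal in two; it is one string.
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc");
}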
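NASL family Misc.
NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2019_CPU.NASL
description The version of Oracle Secure Global Desktop installed on the remote host is 5.4 and is missing a security patch from the January 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - An unvalidated redirect vulnerability exists in the default servlet in Apache Tomcat due to improper input validation. An unauthenticated remote attack can exploit this issue via a specially crafted URL to cause the redirect to be generated to any URI of the attackers choice. (CVE-2018-11784)
last seen 2020-06-01
modified 2020-06-02
plugin id 121601
published 2019-02-05
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/121601
title Oracle Secure Global Desktop Multiple Vulnerabilities (January 2019 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: local check that an Oracle Secure Global Desktop 5.40.x install on
# Linux has the patch named 'Patch_54p3'. Both CVEs are reported together on
# the absence of that patch entry; neither bundled component (Apache HTTP
# Server, Tomcat) is examined directly.

include("compat.inc");

# Metadata block: ends with exit(0), so the check logic below is not reached
# in description mode.
if (description)
{
  script_id(121601);
  script_version("1.3");
  script_cvs_date("Date: 2019/10/31 15:18:51");

  script_cve_id("CVE-2018-11763", "CVE-2018-11784");
  script_bugtraq_id(105414, 105524);

  script_name(english:"Oracle Secure Global Desktop Multiple Vulnerabilities (January 2019 CPU)");
  script_summary(english:"Checks the version of Oracle Secure Global Desktop.");

  script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by multiple vulnerabilities.");
  # The page's line wrapping had split the end of this literal onto a new
  # line; it is one string.
  script_set_attribute(attribute:"description", value:
    "The version of Oracle Secure Global Desktop installed on the remote host is 5.4 and is missing a security patch from the January 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities: - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - An unvalidated redirect vulnerability exists in the default servlet in Apache Tomcat due to improper input validation. An unauthenticated remote attack can exploit this issue via a specially crafted URL to cause the redirect to be generated to any URI of the attackers choice. (CVE-2018-11784)");
  # https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixOVIR
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0dcafb3e");
  script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the January 2019 Oracle Critical Patch Update advisory.");

  # cvss_score_source below names CVE-2018-11784, so these vectors describe
  # the Tomcat redirect issue rather than the HTTP/2 denial of service.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11784");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:virtualization_secure_global_desktop");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  # The page's line wrapping had split this literal in two; it is one string.
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_secure_global_desktop_installed.nbin");
  script_require_keys("Host/Oracle_Secure_Global_Desktop/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

app = "Oracle Secure Global Desktop";
version = get_kb_item_or_exit("Host/Oracle_Secure_Global_Desktop/Version");

# this check is for Oracle Secure Global Desktop packages built for Linux platform
uname = get_kb_item_or_exit("Host/uname");
# Stop unless the uname string contains "Linux".
if ("Linux" >!< uname) audit(AUDIT_OS_NOT, "Linux");

# Only the 5.40 line is mapped to a required patch; every other version is
# audited out as not vulnerable.
fix_required = NULL;

if (version =~ "^5\.40($|\.)") fix_required = 'Patch_54p3';

if (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, "Oracle Secure Global Desktop", version);

# Look for an exact match of the required patch name among the recorded patches.
# NOTE(review): a later patch that supersedes Patch_54p3 would not match this
# equality test; confirm how the detection plugin records patch names.
patches = get_kb_list("Host/Oracle_Secure_Global_Desktop/Patches");

patched = FALSE;
foreach patch (patches)
{
  if (patch == fix_required)
  {
    patched = TRUE;
    break;
  }
}

if (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + fix_required + ')');

report = '\n Installed version : ' + version + '\n Patch required : ' + fix_required + '\n';
security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);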
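NASL family Web Servers
NASL id TOMCAT_8_5_34.NASL
description The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.34. It is, therefore, affected by a open redirect vulnerability.
last seen 2020-03-18
modified 2018-10-10
plugin id 118036
published 2018-10-10
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/118036
title Apache Tomcat 8.5.x < 8.5.34 Open Redirect Weakness
code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: version check. It reports when the detected Apache Tomcat version
# is at least 8.5.0 and below 8.5.34. The finding rests on the version that
# the dependency plugins recorded, not on observing a redirect, so a build
# with a backported fix can still be reported
# (NOTE(review): consistent with potential_vulnerability being set below).

include("compat.inc");

# Metadata block: ends with exit(0), so the version check below is not
# reached in description mode.
if (description)
{
  script_id(118036);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");

  script_cve_id("CVE-2018-11784");

  script_name(english:"Apache Tomcat 8.5.x < 8.5.34 Open Redirect Weakness");
  script_summary(english:"Checks the Apache Tomcat version.");

  script_set_attribute(attribute:"synopsis", value:
    "The remote Apache Tomcat server is affected by a open redirect vulnerability.");
  # The page's line wrapping had split this literal in two; it is one string.
  script_set_attribute(attribute:"description", value:
    "The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.34. It is, therefore, affected by a open redirect vulnerability.");
  # http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.34
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1bddf0bb");
  script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache Tomcat version 8.5.34 or later.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11784");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/10");

  # NOTE(review): presumably marks the result as unconfirmed, to be reported
  # only under paranoid scan settings; confirm against scanner documentation.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
  script_require_keys("installed_sw/Apache Tomcat");

  exit(0);
}

include("tomcat_version.inc");

# All comparison and reporting happen inside tomcat_check_version(), which is
# defined in tomcat_version.inc and not shown here.
# NOTE(review): granularity_regex matches a detected version of just "8" or
# "8.5"; presumably such a version is treated as too coarse to compare.
tomcat_check_version(min:"8.5.0", fixed:"8.5.34", severity:SECURITY_WARNING, granularity_regex:"^8(\.5)?$");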
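NASL family SuSE Local Security Checks
NASL id OPENSUSE-2019-1814.NASL
description This update for virtualbox to version 6.0.10 fixes the following issues : Security issues fixed : - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)
last seen 2020-06-01
modified 2020-06-02
plugin id 127734
published 2019-08-12
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127734
title openSUSE Security Update : virtualbox (openSUSE-2019-1814)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1814.
#
# The text description of this plugin is (C) SUSE LLC.
#

# Purpose: local package check for the openSUSE-2019-1814 advisory. It
# compares the installed virtualbox RPMs on x86_64 openSUSE 15.0 / 15.1
# against the 6.0.10 builds listed below.
# CVE-2018-11784 appears only in the script_cve_id list; the description text
# does not mention it, and cvss_score_source names CVE-2018-3294. The CVSS
# vectors and the "Exploits are available" attribute therefore describe the
# advisory as a whole and should not be read as properties of the Tomcat
# redirect issue.

include("compat.inc");

# Metadata block: ends with exit(0), so the check logic below is not reached
# in description mode.
if (description)
{
  script_id(127734);
  script_version("1.3");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2018-0734", "CVE-2018-11763", "CVE-2018-11784", "CVE-2018-3288", "CVE-2018-3289", "CVE-2018-3290", "CVE-2018-3291", "CVE-2018-3292", "CVE-2018-3293", "CVE-2018-3294", "CVE-2018-3295", "CVE-2018-3296", "CVE-2018-3297", "CVE-2018-3298", "CVE-2019-1543", "CVE-2019-2446", "CVE-2019-2448", "CVE-2019-2450", "CVE-2019-2451", "CVE-2019-2508", "CVE-2019-2509", "CVE-2019-2511", "CVE-2019-2525", "CVE-2019-2527", "CVE-2019-2554", "CVE-2019-2555", "CVE-2019-2556", "CVE-2019-2574", "CVE-2019-2656", "CVE-2019-2657", "CVE-2019-2678", "CVE-2019-2679", "CVE-2019-2680", "CVE-2019-2690", "CVE-2019-2696", "CVE-2019-2703", "CVE-2019-2721", "CVE-2019-2722", "CVE-2019-2723", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877");

  # The page's line wrapping had split this literal in two; it is one string.
  script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2019-1814)");
  script_summary(english:"Check for the openSUSE-2019-1814 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "This update for virtualbox to version 6.0.10 fixes the following issues : Security issues fixed : - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097248"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1098050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1115041"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130503"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130588"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132379"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132439"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133289"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141801"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected virtualbox packages."
  );

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3294");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-vnc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  # The page's line wrapping had split this literal in two; it is one string.
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, an openSUSE (not SLED/SLES) release
# string, release 15.0 or 15.1, a collected RPM list, and an x86_64 CPU.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0|SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 15.1", release);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

# One test per package and release; flag counts the packages that
# rpm_check() reports. The kmp (kernel module) packages carry a reference
# string that also embeds a kernel version.
# NOTE(review): rpm_check() lives in rpm.inc, which is not shown here;
# presumably it is true when the installed build is older than the reference.
flag = 0;

# openSUSE 15.0 builds
if ( rpm_check(release:"SUSE15.0", reference:"python3-virtualbox-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"python3-virtualbox-debuginfo-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-debuginfo-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-debugsource-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-devel-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-desktop-icons-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-kmp-default-6.0.10_k4.12.14_lp150.12.67-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-kmp-default-debuginfo-6.0.10_k4.12.14_lp150.12.67-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-source-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-tools-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-tools-debuginfo-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-x11-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-x11-debuginfo-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-kmp-default-6.0.10_k4.12.14_lp150.12.67-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-kmp-default-debuginfo-6.0.10_k4.12.14_lp150.12.67-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-source-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-qt-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-qt-debuginfo-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-vnc-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-websrv-6.0.10-lp150.4.36.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-websrv-debuginfo-6.0.10-lp150.4.36.1") ) flag++;

# openSUSE 15.1 builds
if ( rpm_check(release:"SUSE15.1", reference:"python3-virtualbox-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"python3-virtualbox-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-debugsource-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-devel-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-desktop-icons-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-kmp-default-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-kmp-default-debuginfo-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-source-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-tools-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-tools-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-x11-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-x11-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-host-kmp-default-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-host-kmp-default-debuginfo-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-host-source-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-qt-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-qt-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-vnc-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-websrv-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-websrv-debuginfo-6.0.10-lp151.2.6.1") ) flag++;

if (flag)
{
  # Attach the per-package report only when the scan asks for verbose output.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Nothing flagged: tell "packages present but not affected" apart from
  # "none of the packages installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc");
}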
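NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-4596.NASL
description Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.
last seen 2020-06-01
modified 2020-06-02
plugin id 132427
published 2019-12-30
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/132427
title Debian DSA-4596-1 : tomcat8 - security update
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-4596. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

# Purpose: local package check for DSA-4596. It compares the tomcat8 package
# family on Debian 9.0 against version 8.5.50-0+deb9u1.
# The plugin covers six CVEs and sets no cvss_score_source, so the vectors
# below and the security_hole() severity describe the advisory as a whole;
# they should not be read as the rating of CVE-2018-11784 on its own.

include("compat.inc");

# Metadata block: ends with exit(0), so the check logic below is not reached
# in description mode.
if (description)
{
  script_id(132427);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/02");

  script_cve_id("CVE-2018-11784", "CVE-2018-8014", "CVE-2019-0199", "CVE-2019-0221", "CVE-2019-12418", "CVE-2019-17563");
  script_xref(name:"DSA", value:"4596");

  script_name(english:"Debian DSA-4596-1 : tomcat8 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/tomcat8"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/tomcat8"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2019/dsa-4596"
  );
  script_set_attribute(
    attribute:"solution",
    value:
      "Upgrade the tomcat8 packages. For the oldstable distribution (stretch), these problems have been fixed in version 8.5.50-0+deb9u1. This update also requires an updated version of tomcat-native which has been updated to 1.2.21-1~deb9u1."
  );

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tomcat8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  # The page's line wrapping had split this literal in two; it is one string.
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks enabled, a Debian release string, and a
# collected dpkg listing.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# One test per binary package of the tomcat8 source package; flag counts the
# packages that deb_check() reports.
# NOTE(review): deb_check() lives in debian_package.inc, which is not shown
# here; presumably it is true when the installed version is older than the
# reference.
flag = 0;
if (deb_check(release:"9.0", prefix:"libservlet3.1-java", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libservlet3.1-java-doc", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libtomcat8-embed-java", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libtomcat8-java", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"tomcat8", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"tomcat8-admin", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"tomcat8-common", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"tomcat8-docs", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"tomcat8-examples", reference:"8.5.50-0+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"tomcat8-user", reference:"8.5.50-0+deb9u1")) flag++;

if (flag)
{
  # Attach the per-package report only when the scan asks for verbose output.
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");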
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1529.NASL description An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. Security Fix(es) : * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037) * tomcat: Insecure defaults in CORS filter enable last seen 2020-05-23 modified 2019-06-19 plugin id 126030 published 2019-06-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126030 title RHEL 8 : pki-deps:10.6 (RHSA-2019:1529) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0485.NASL description An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * tomcat: Open redirect in default servlet (CVE-2018-11784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
last seen 2020-06-01 modified 2020-06-02 plugin id 122841 published 2019-03-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122841 title RHEL 7 : tomcat (RHSA-2019:0485) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1547.NASL description This update for virtualbox to version 5.2.24 fixes the following issues : Multiple security issues fixed : CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509, CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554, CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446, CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506, and CVE-2019-2553 (bsc#1122212). Other issues fixed : - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel, contributed by Robert Conde - USB: fixed a problem causing failures attaching SuperSpeed devices which report USB version 3.1 (rather than 3.0) on Windows hosts - Audio: added support for surround speaker setups used by Windows 10 Build 1809 - Linux hosts: fixed conflict between Debian and Oracle build desktop files - Linux guests: fixed building drivers on SLES 12.4 - Linux guests: fixed building shared folder driver with older kernels last seen 2020-06-01 modified 2020-06-02 plugin id 125844 published 2019-06-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/125844 title openSUSE Security Update : virtualbox (openSUSE-2019-1547) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-84.NASL description This update for virtualbox version 5.2.24 fixes the following issues : Update fixes multiple vulnerabilities : CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509, CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554, CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446, CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506, and CVE-2019-2553 (boo#1122212). Non-security issues fixed : - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel, contributed by Robert Conde - USB: fixed a problem causing failures attaching SuperSpeed devices which report USB version 3.1 (rather than 3.0) on Windows hosts - Audio: added support for surround speaker setups used by Windows 10 Build 1809 - Linux hosts: fixed conflict between Debian and Oracle build desktop files - Linux guests: fixed building drivers on SLES 12.4 - Linux guests: fixed building shared folder driver with older kernels last seen 2020-03-18 modified 2019-01-28 plugin id 121411 published 2019-01-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121411 title openSUSE Security Update : virtualbox (openSUSE-2019-84) NASL family CGI abuses NASL id ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL description According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. 
It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - A deserialization vulnerability in jackson-databind, a fast and powerful JSON library for Java, allows an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. (CVE-2018-19362) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 124170 published 2019-04-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124170 title Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2047.NASL description According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. 
The printenv command is intended for debugging and is unlikely to be present in a production website.(CVE-2019-0221) - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to last seen 2020-05-08 modified 2019-09-24 plugin id 129240 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129240 title EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2047) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0059_TOMCAT.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tomcat packages installed that are affected by a vulnerability: - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to last seen 2020-06-01 modified 2020-06-02 plugin id 127250 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127250 title NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Vulnerability (NS-SA-2019-0059) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1772.NASL description According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to last seen 2020-05-03 modified 2019-07-25 plugin id 127009 published 2019-07-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/127009 title EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2019-1772) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1544.NASL description Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 118096 published 2018-10-15 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118096 title Debian DLA-1544-1 : tomcat7 security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-1529.NASL description From Red Hat Security Advisory 2019:1529 : An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. Security Fix(es) : * tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037) * tomcat: Insecure defaults in CORS filter enable last seen 2020-06-01 modified 2020-06-02 plugin id 127594 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/127594 title Oracle Linux 8 : pki-deps:10.6 (ELSA-2019-1529) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1099.NASL description When the default servlet in Apache Tomcat versions 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to last seen 2020-06-01 modified 2020-06-02 plugin id 118803 published 2018-11-08 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118803 title Amazon Linux AMI : tomcat7 (ALAS-2018-1099) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1545.NASL description Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 118119 published 2018-10-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118119 title Debian DLA-1545-1 : tomcat8 security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0131.NASL description An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.
It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * tomcat: host name verification missing in WebSocket client (CVE-2018-8034) * tomcat: Open redirect in default servlet (CVE-2018-11784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-01-23 plugin id 121325 published 2019-01-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121325 title RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 6 (RHSA-2019:0131) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1208.NASL description When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to last seen 2020-06-01 modified 2020-06-02 plugin id 125294 published 2019-05-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125294 title Amazon Linux AMI : tomcat8 (ALAS-2019-1208) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2868.NASL description An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 5.0, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * tomcat: Information Disclosure (CVE-2018-8037) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 117912 published 2018-10-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117912 title RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 1 (RHSA-2018:2868) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0485.NASL description An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. 
Security Fix(es) : * tomcat: Open redirect in default servlet (CVE-2018-11784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 122953 published 2019-03-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122953 title CentOS 7 : tomcat (CESA-2019:0485) NASL family Databases NASL id ORACLE_RDBMS_CPU_OCT_2019.NASL description The remote Oracle Database Server is missing the October 2019 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability in the Java VM component of Oracle Database Server, which could allow an unauthenticated, remote attacker to manipulate Java VM accessible data. (CVE-2019-2909) - An unspecified vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server, which could allow an authenticated, remote attacker to cause a denial of service of Core RDBMS. (CVE-2019-2956) - An unspecified vulnerability in the Core RDBMS component of Oracle Database Server, which could allow an authenticated, remote attacker to read a subset of Core RDBMS accessible data. (CVE-2019-2913) It is also affected by additional vulnerabilities; see the vendor advisory for more information. last seen 2020-06-02 modified 2019-10-18 plugin id 130058 published 2019-10-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130058 title Oracle Database Server Multiple Vulnerabilities (Oct 2019 CPU) NASL family Web Servers NASL id TOMCAT_7_0_91.NASL description The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.91. It is, therefore, affected by an open redirect vulnerability.
last seen 2020-03-18 modified 2018-10-10 plugin id 118035 published 2018-10-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118035 title Apache Tomcat 7.0.0 < 7.0.91 Open Redirect Weakness NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-972.NASL description This update for tomcat to 9.0.12 fixes the following issues : See the full changelog at: http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_( markt) Security issues fixed : - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to last seen 2020-06-01 modified 2020-06-02 plugin id 123395 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123395 title openSUSE Security Update : tomcat (openSUSE-2019-972) NASL family Scientific Linux Local Security Checks NASL id SL_20190313_TOMCAT_ON_SL7_X.NASL description Security Fix(es) : - tomcat: Open redirect in default servlet (CVE-2018-11784) last seen 2020-03-18 modified 2019-03-14 plugin id 122846 published 2019-03-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122846 title Scientific Linux Security Update : tomcat on SL7.x (noarch) (20190313) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1602.NASL description According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. 
redirecting to last seen 2020-05-06 modified 2019-05-29 plugin id 125529 published 2019-05-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125529 title EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1602) NASL family Web Servers NASL id TOMCAT_9_0_11.NASL description The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.12. It is, therefore, affected by an open redirect vulnerability. last seen 2020-03-18 modified 2018-10-10 plugin id 118037 published 2018-10-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118037 title Apache Tomcat 9.0.0.M1 < 9.0.12 Open Redirect Weakness NASL family CGI abuses NASL id ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL description According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - A denial of service vulnerability in the bundled third-party component OpenSSL library last seen 2020-06-01 modified 2020-06-02 plugin id 124169 published 2019-04-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124169 title Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1192.NASL description When the default servlet in Apache Tomcat returned a redirect to a directory (e.g.
redirecting to last seen 2020-06-01 modified 2020-06-02 plugin id 124127 published 2019-04-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124127 title Amazon Linux 2 : tomcat (ALAS-2019-1192) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1276.NASL description This update for tomcat fixes the following issues : - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to last seen 2020-06-05 modified 2018-10-26 plugin id 118446 published 2018-10-26 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118446 title openSUSE Security Update : tomcat (openSUSE-2018-1276) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3787-1.NASL description It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118068 published 2018-10-11 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118068 title Ubuntu 14.04 LTS / 16.04 LTS : tomcat7, tomcat8 vulnerability (USN-3787-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0485.NASL description From Red Hat Security Advisory 2019:0485 : An update for tomcat is now available for Red Hat Enterprise Linux 7. 
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * tomcat: Open redirect in default servlet (CVE-2018-11784) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 122863 published 2019-03-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122863 title Oracle Linux 7 : tomcat (ELSA-2019-0485)
References
- http://www.securityfocus.com/bid/105524
- https://usn.ubuntu.com/3787-1/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html
- https://security.netapp.com/advisory/ntap-20181014-0002/
- https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://access.redhat.com/errata/RHSA-2019:0131
- https://access.redhat.com/errata/RHSA-2019:0130
- https://access.redhat.com/errata/RHSA-2019:0485
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
- https://access.redhat.com/errata/RHSA-2019:1529
- https://kc.mcafee.com/corporate/index?page=content&id=SB10284
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.debian.org/security/2019/dsa-4596
- https://seclists.org/bugtraq/2019/Dec/43
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html
- https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/
- https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E