Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-903)

2017-10-0300:00:00

www.tenable.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

0.003 Low

EPSS

Percentile

68.4%

JSON

1480618 :

Vary header not added by CORS filter leading to cache poisoning

The CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. (CVE-2017-7674)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-903.
#

include("compat.inc");

if (description)
{
  script_id(103600);
  script_version("3.3");
  script_cvs_date("Date: 2018/04/18 15:09:36");

  script_cve_id("CVE-2017-7674");
  script_xref(name:"ALAS", value:"2017-903");

  script_name(english:"Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-903)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"1480618 :

Vary header not added by CORS filter leading to cache poisoning

The CORS Filter in Apache Tomcat did not add an HTTP Vary header
indicating that the response varies depending on Origin. This
permitted client and server side cache poisoning in some
circumstances. (CVE-2017-7674)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-903.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Run 'yum update tomcat7' to update your system.

Run 'yum update tomcat8' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat8-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"tomcat7-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-admin-webapps-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-docs-webapp-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-el-2.2-api-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-javadoc-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-jsp-2.2-api-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-lib-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-log4j-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-servlet-3.0-api-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat7-webapps-7.0.81-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-admin-webapps-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-docs-webapp-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-el-3.0-api-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-javadoc-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-jsp-2.3-api-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-lib-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-log4j-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-servlet-3.1-api-8.0.46-1.76.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"tomcat8-webapps-8.0.46-1.76.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc");
}

VendorProductVersionCPE
amazonlinuxtomcat7p-cpe:/a:amazon:linux:tomcat7
amazonlinuxtomcat7-admin-webappsp-cpe:/a:amazon:linux:tomcat7-admin-webapps
amazonlinuxtomcat7-docs-webappp-cpe:/a:amazon:linux:tomcat7-docs-webapp
amazonlinuxtomcat7-el-2.2-apip-cpe:/a:amazon:linux:tomcat7-el-2.2-api
amazonlinuxtomcat7-javadocp-cpe:/a:amazon:linux:tomcat7-javadoc
amazonlinuxtomcat7-jsp-2.2-apip-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api
amazonlinuxtomcat7-libp-cpe:/a:amazon:linux:tomcat7-lib
amazonlinuxtomcat7-log4jp-cpe:/a:amazon:linux:tomcat7-log4j
amazonlinuxtomcat7-servlet-3.0-apip-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api
amazonlinuxtomcat7-webappsp-cpe:/a:amazon:linux:tomcat7-webapps

Vendor	Product	Version	CPE
amazon	linux	tomcat7	p-cpe:/a:amazon:linux:tomcat7
amazon	linux	tomcat7-admin-webapps	p-cpe:/a:amazon:linux:tomcat7-admin-webapps
amazon	linux	tomcat7-docs-webapp	p-cpe:/a:amazon:linux:tomcat7-docs-webapp
amazon	linux	tomcat7-el-2.2-api	p-cpe:/a:amazon:linux:tomcat7-el-2.2-api
amazon	linux	tomcat7-javadoc	p-cpe:/a:amazon:linux:tomcat7-javadoc
amazon	linux	tomcat7-jsp-2.2-api	p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api
amazon	linux	tomcat7-lib	p-cpe:/a:amazon:linux:tomcat7-lib
amazon	linux	tomcat7-log4j	p-cpe:/a:amazon:linux:tomcat7-log4j
amazon	linux	tomcat7-servlet-3.0-api	p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api
amazon	linux	tomcat7-webapps	p-cpe:/a:amazon:linux:tomcat7-webapps