Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2023-1738.NASL
HistoryMay 04, 2023 - 12:00 a.m.

Amazon Linux AMI : tomcat7 (ALAS-2023-1738)

2023-05-0400:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
amazon linux ami
tomcat7
security bypass
viewing source code
alas-2023-1738 advisory

0.908 High

EPSS

Percentile

98.8%

JSON

The version of tomcat7 installed on the remote host is prior to 7.0.109-1.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1738 advisory.

  • When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. (CVE-2017-12616)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1738.
##

include('compat.inc');

if (description)
{
  script_id(175088);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/15");

  script_cve_id("CVE-2017-12616", "CVE-2022-4132", "CVE-2023-24998");
  script_xref(name:"IAVA", value:"2023-A-0112-S");

  script_name(english:"Amazon Linux AMI : tomcat7 (ALAS-2023-1738)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of tomcat7 installed on the remote host is prior to 7.0.109-1.42. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS-2023-1738 advisory.

  - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security
    constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a
    specially crafted request. (CVE-2017-12616)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2023-1738.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2017-12616.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-4132.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-24998.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update tomcat7' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12616");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'tomcat7-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-admin-webapps-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-docs-webapp-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-el-2.2-api-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-javadoc-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-jsp-2.2-api-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-lib-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-log4j-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-servlet-3.0-api-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-webapps-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc");
}
VendorProductVersionCPE
amazonlinuxtomcat7p-cpe:/a:amazon:linux:tomcat7
amazonlinuxtomcat7-admin-webappsp-cpe:/a:amazon:linux:tomcat7-admin-webapps
amazonlinuxtomcat7-docs-webappp-cpe:/a:amazon:linux:tomcat7-docs-webapp
amazonlinuxtomcat7-el-2.2-apip-cpe:/a:amazon:linux:tomcat7-el-2.2-api
amazonlinuxtomcat7-javadocp-cpe:/a:amazon:linux:tomcat7-javadoc
amazonlinuxtomcat7-jsp-2.2-apip-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api
amazonlinuxtomcat7-libp-cpe:/a:amazon:linux:tomcat7-lib
amazonlinuxtomcat7-log4jp-cpe:/a:amazon:linux:tomcat7-log4j
amazonlinuxtomcat7-servlet-3.0-apip-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api
amazonlinuxtomcat7-webappsp-cpe:/a:amazon:linux:tomcat7-webapps
Rows per page:
1-10 of 111

Related

amazon 2
debiancve 3
veracode 2
prion 3
osv 8
nvd 3
archlinux 1
redhatcve 5
checkpoint_advisories 1
openvas 17
cvelist 4
dsquare 1
f5 2
cve 3
debian 1
github 3
nessus 28
mageia 2
ibm 91
kaspersky 3
ubuntucve 3
cnvd 2
githubexploit 1
tomcat 4
vaadin 1
cgr 1
wolfi 1
cisa 1
myhack58 1
seebug 1
amazon
amazon
Important: tomcat7
2023-04-27 16:19:00
Important: tomcat
2023-04-27 18:36:00
debiancve
debiancve
CVE-2017-12616
2017-09-19 13:29:00
CVE-2022-4132
2023-10-04 12:15:10
CVE-2023-24998
2023-02-20 16:15:10
veracode
veracode
Information Disclosure
2017-09-20 02:23:33
Denial Of Service (DoS)
2023-02-24 11:02:57
prion
prion
Design/Logic Flaw
2017-09-19 13:29:00
Default credentials
2023-02-20 16:15:00
Memory corruption
2023-10-04 12:15:00
osv
osv
tomcat7 - security update
2017-09-24 00:00:00
CVE-2017-12616
2017-09-19 13:29:00
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:16
nvd
nvd
CVE-2017-12616
2017-09-19 13:29:00
CVE-2023-24998
2023-02-20 16:15:10
CVE-2022-4132
2023-10-04 12:15:10
archlinux
archlinux
[ASA-201709-17] tomcat7: information disclosure
2017-09-19 00:00:00
redhatcve
redhatcve
CVE-2017-12616
2019-10-08 03:55:37
CVE-2023-24998
2023-02-21 21:59:14
CVE-2022-4132
2022-11-23 20:26:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat VirtualDirContext Information Disclosure (CVE-2017-12616)
2017-10-02 00:00:00
openvas
openvas
Apache Tomcat 'VirtualDirContext' Information Disclosure Vulnerability - Windows
2017-09-25 00:00:00
Debian: Security Advisory (DLA-1108-1)
2018-02-06 00:00:00
Apache Tomcat 'VirtualDirContext' Information Disclosure Vulnerability - Linux
2017-09-25 00:00:00
cvelist
cvelist
CVE-2017-12616
2017-09-19 00:00:00
CVE-2023-24998 Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts
2023-02-20 15:57:07
CVE-2022-4132 Memory leak on tls connections
2023-10-04 11:26:11
dsquare
dsquare
Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure
2018-03-09 00:00:00
f5
f5
K24335161 : Apache Tomcat vulnerability CVE-2017-12616
2017-09-28 00:00:00
K000133052 : Apache Commons FileUpload vulnerability CVE-2023-24998
2023-03-18 00:00:00
cve
cve
CVE-2017-12616
2017-09-19 13:29:00
CVE-2023-24998
2023-02-20 16:15:10
CVE-2022-4132
2023-10-04 12:15:10
debian
debian
[SECURITY] [DLA 1108-1] tomcat7 security update
2017-09-24 16:53:09
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:16
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
2023-10-27 21:55:44
Apache Commons FileUpload denial of service vulnerability
2023-02-20 18:30:17
nessus
nessus
Debian DLA-1108-1 : tomcat7 security update
2017-09-25 00:00:00
Apache Tomcat 8.5.0 < 8.5.85
2023-02-20 00:00:00
SUSE SLES15 Security Update : tomcat (SUSE-SU-2023:0697-1)
2023-03-11 00:00:00
mageia
mageia
Updated apache-commons-fileupload packages fix security vulnerability
2023-02-27 23:27:16
Updated tomcat packages fix security vulnerability
2017-09-21 16:43:32
ibm
ibm
Security Bulletin: IBM Spectrum Symphony with IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache Commons FileUpload
2023-10-05 20:26:47
Security Bulletin: There is a security vulnerability in Apache Commons FileUpload and Tomcat used by IBM Maximo Data Loader (CVE-2023-24998)
2023-03-29 09:33:47
Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
2023-05-02 18:19:57
kaspersky
kaspersky
KLA40220 DoS vulnerability in Apache Tomcat
2023-01-19 00:00:00
KLA40221 DoS vulnerability in Apache Tomcat
2023-01-13 00:00:00
KLA11106 Multiple vulnerabilities in Apache Tomcat
2017-09-19 00:00:00
ubuntucve
ubuntucve
CVE-2023-24998
2023-02-20 00:00:00
CVE-2022-4132
2023-10-04 00:00:00
CVE-2017-12616
2017-09-19 00:00:00
cnvd
cnvd
Apache Commons FileUpload Denial of Service Vulnerability (CNVD-2023-23552)
2023-02-22 00:00:00
Apache Tomcat has an unspecified vulnerability
2022-11-25 00:00:00
githubexploit
githubexploit
Exploit for Allocation of Resources Without Limits or Throttling in Apache Commons Fileupload
2023-03-29 01:36:29
tomcat
tomcat
Fixed in Apache Tomcat 10.1.5
2023-01-13 00:00:00
Fixed in Apache Tomcat 9.0.71
2023-01-13 00:00:00
Fixed in Apache Tomcat 8.5.85
2023-01-19 00:00:00
vaadin
vaadin
Apache Commons FileUpload - DoS with excessive parts
2023-06-22 00:00:00
cgr
cgr
CVE-2023-24998 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-24998 vulnerabilities
2024-07-05 21:08:40
cisa
cisa
Apache Releases Security Updates for Apache Tomcat
2017-09-19 00:00:00
myhack58
myhack58
Tomcat remote code execution vulnerability flaws bug research CVE-2017-12615 and patch Bypass-vulnerability warning-the black bar safety net
2017-09-20 00:00:00
seebug
seebug
Tomcat code execution vulnerability(CVE-2017-12615)
2017-09-20 00:00:00

0.908 High

EPSS

Percentile

98.8%

JSON
Related for ALA_ALAS-2023-1738.NASL
amazon2debiancve3veracode2prion3osv8nvd3archlinux1redhatcve5checkpoint_advisories1openvas17cvelist4dsquare1f52cve3debian1github3nessus28mageia2ibm91kaspersky3ubuntucve3cnvd2githubexploit1tomcat4vaadin1cgr1wolfi1cisa1myhack581seebug1