Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.FEDORA_2007-3474.NASL
HistoryNov 20, 2007 - 12:00 a.m.

Fedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)

2007-11-2000:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
23

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.959

Percentile

99.5%

JSON

Updated Tomcat5 packages that fix several security bugs are now available for Fedora Core 8.

This update includes fixes to the following :

  • CVE-2007-1355

    • CVE-2007-3386

    • CVE-2007-3385

    • CVE-2007-3382

    • CVE-2007-2450

    • CVE-2007-2449

    • CVE-2007-5461

    • CVE-2007-1358

All users of tomcat are advised to update to these packages.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2007-3474.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(28258);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461");
  script_xref(name:"FEDORA", value:"2007-3474");

  script_name(english:"Fedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated Tomcat5 packages that fix several security bugs are now
available for Fedora Core 8.

This update includes fixes to the following :

  - CVE-2007-1355

    - CVE-2007-3386

    - CVE-2007-3385

    - CVE-2007-3382

    - CVE-2007-2450

    - CVE-2007-2449

    - CVE-2007-5461

    - CVE-2007-1358

All users of tomcat are advised to update to these packages.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=244803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=244804"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=244808"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=247972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=247976"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=247994"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=253166"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=333791"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=363001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=363081"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004949.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?15257d44"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cwe_id(22, 79, 200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-common-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-eclipse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jasper-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-jsp-2.0-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-server-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-servlet-2.4-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tomcat5-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC8", reference:"tomcat5-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-admin-webapps-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-common-lib-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-debuginfo-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-jasper-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-jasper-eclipse-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-jasper-javadoc-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-jsp-2.0-api-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-server-lib-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-servlet-2.4-api-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.25-1jpp.1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"tomcat5-webapps-5.5.25-1jpp.1.fc8")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc");
}

References

Related

altlinux 1
nessus 33
fedora 5
openvas 31
redhat 7
tomcat 9
osv 9
centos 2
oraclelinux 2
debian 2
veracode 9
securityvulns 12
seebug 4
atlassian 2
cve 8
exploitpack 1
ubuntucve 9
jvn 5
prion 8
nvd 9
exploitdb 7
cvelist 10
packetstorm 3
github 7
checkpoint_advisories 1
cert 1
freebsd 1
nuclei 1
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
nessus
nessus
Fedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)
2007-11-20 00:00:00
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities
2010-12-07 00:00:00
Apache Tomcat < 6.0.14 Multiple Vulnerabilities
2019-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
openvas
openvas
Fedora Update for tomcat5 FEDORA-2007-3474
2009-02-27 00:00:00
Fedora Update for tomcat5 FEDORA-2007-3456
2009-02-27 00:00:00
Fedora Update for tomcat5 FEDORA-2007-3456
2009-02-27 00:00:00
redhat
redhat
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
osv
osv
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
centos
centos
tomcat5 security update
2007-09-28 08:11:50
tomcat5 security update
2007-07-22 15:57:46
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
Moderate: tomcat security update
2007-07-17 00:00:00
debian
debian
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
Information Disclosure
2019-03-25 08:40:44
Cross-Site Scripting (XSS)
2018-11-12 09:08:34
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
Apache Tomcat crossite scripting
2007-06-14 00:00:00
seebug
seebug
Apache Tomcat多个远程信息泄露漏洞
2007-08-23 00:00:00
Apache Tomcat Host Manager Servlet跨站脚本执行漏洞
2007-08-23 00:00:00
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2014-07-01 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
cve
cve
CVE-2007-1358
2007-05-10 00:19:00
CVE-2007-3386
2007-08-14 22:17:00
CVE-2007-3385
2007-08-14 22:17:00
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
ubuntucve
ubuntucve
CVE-2007-3386
2007-08-14 00:00:00
CVE-2007-1358
2007-05-10 00:00:00
CVE-2007-3385
2007-08-14 00:00:00
jvn
jvn
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
2007-06-19 00:00:00
JVN#07100457 Apache Tomcat cross-site scripting vulnerability
2007-06-15 00:00:00
prion
prion
Cross site scripting
2007-08-14 22:17:00
Session fixation
2007-08-14 22:17:00
Design/Logic Flaw
2007-08-14 22:17:00
nvd
nvd
CVE-2007-3386
2007-08-14 22:17:00
CVE-2007-3385
2007-08-14 22:17:00
CVE-2007-1355
2007-05-21 20:30:00
exploitdb
exploitdb
Apache Tomcat 6.0.13 - Host Manager Servlet Cross-Site Scripting
2007-08-14 00:00:00
Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
2007-05-19 00:00:00
Apache Tomcat 6.0.13 - Insecure Cookie Handling Quote Delimiter Session ID Disclosure
2007-08-14 00:00:00
cvelist
cvelist
CVE-2007-3386
2007-08-14 22:00:00
CVE-2007-1355
2007-05-21 20:00:00
CVE-2007-3385
2007-08-14 22:00:00
packetstorm
packetstorm
CVE-2007-3386.txt
2007-08-14 00:00:00
CVE-2007-1355.txt
2007-05-22 00:00:00
CVE-2007-2449.txt
2007-06-15 00:00:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
Apache Tomcat Path Traversal Vulnerability
2022-05-01 18:33:34
checkpoint_advisories
checkpoint_advisories
Apache Tomcat WebDav Remote Information Disclosure (CVE-2007-5461)
2013-11-18 00:00:00
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
freebsd
freebsd
tomcat -- XSS vulnerability in sample applications
2007-05-19 00:00:00
nuclei
nuclei
Apache Tomcat 4.x-7.x - Cross-Site Scripting
2024-09-09 17:01:10

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.959

Percentile

99.5%

JSON
Related for FEDORA_2007-3474.NASL
altlinux1nessus33fedora5openvas31redhat7tomcat9osv9centos2oraclelinux2debian2veracode9securityvulns12seebug4atlassian2cve8exploitpack1ubuntucve9jvn5prion8nvd9exploitdb7cvelist10packetstorm3github7checkpoint_advisories1cert1freebsd1nuclei1