Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2013-1012.NASL
HistoryJun 26, 2014 - 12:00 a.m.

RHEL 6 : Red Hat JBoss Web Server 2.0.1 update (Moderate) (RHSA-2013:1012)

2014-06-2600:00:00
This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.718 High

EPSS

Percentile

98.1%

JSON

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1012 advisory.

  • httpd: multiple XSS flaws due to unescaped hostnames (CVE-2012-3499)

  • tomcat: Limited DoS in chunked transfer encoding input filter (CVE-2012-3544)

  • httpd: XSS flaw in mod_proxy_balancer manager interface (CVE-2012-4558)

  • tomcat: Session fixation in form authenticator (CVE-2013-2067)

  • tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions (CVE-2013-2071)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2013:1012. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76238);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/24");

  script_cve_id(
    "CVE-2012-3499",
    "CVE-2012-3544",
    "CVE-2012-4558",
    "CVE-2013-2067",
    "CVE-2013-2071"
  );
  script_xref(name:"RHSA", value:"2013:1012");

  script_name(english:"RHEL 6 : Red Hat JBoss Web Server 2.0.1 update (Moderate) (RHSA-2013:1012)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2013:1012 advisory.

  - httpd: multiple XSS flaws due to unescaped hostnames (CVE-2012-3499)

  - tomcat: Limited DoS in chunked transfer encoding input filter (CVE-2012-3544)

  - httpd: XSS flaw in mod_proxy_balancer manager interface (CVE-2012-4558)

  - tomcat: Session fixation in form authenticator (CVE-2013-2067)

  - tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw
    RuntimeExceptions (CVE-2013-2071)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2013/rhsa-2013_1012.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4db5e5ef");
  # https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8925bcb8");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:1012");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/site/documentation/");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=915883");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=915884");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=961779");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=961783");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=961803");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2067");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(384, 79);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dom4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ecj3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-ap22");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_jk-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat-native");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-1.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/6/6Server/i386/jbews/2/debug',
      'content/dist/rhel/server/6/6Server/i386/jbews/2/os',
      'content/dist/rhel/server/6/6Server/i386/jbews/2/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/jbews/2/debug',
      'content/dist/rhel/server/6/6Server/x86_64/jbews/2/os',
      'content/dist/rhel/server/6/6Server/x86_64/jbews/2/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'tomcat'},
      {'reference':'apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'tomcat'},
      {'reference':'apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'tomcat'},
      {'reference':'apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'apache-commons-pool-tomcat-eap6-1.6-6.redhat_4.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'dom4j-1.6.1-19.redhat_5.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'ecj3-3.7.2-6.redhat_1.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'tomcat'},
      {'reference':'httpd-2.2.22-23.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'httpd-2.2.22-23.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'httpd-devel-2.2.22-23.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'httpd-devel-2.2.22-23.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'httpd-manual-2.2.22-23.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'httpd-manual-2.2.22-23.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'httpd-tools-2.2.22-23.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'httpd-tools-2.2.22-23.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_cluster-1.2.4-1.Final_redhat_1.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_cluster-tomcat6-1.2.4-1.Final_redhat_1.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_cluster-tomcat7-1.2.4-1.Final_redhat_1.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_jk-ap22-1.2.37-2.redhat_1.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_jk-ap22-1.2.37-2.redhat_1.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_jk-manual-1.2.37-2.redhat_1.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_jk-manual-1.2.37-2.redhat_1.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'mod_ssl-2.2.22-23.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'tomcat'},
      {'reference':'mod_ssl-2.2.22-23.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'tomcat'},
      {'reference':'tomcat-native-1.1.27-4.redhat_1.ep6.el6', 'cpu':'i386', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat-native-1.1.27-4.redhat_1.ep6.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-admin-webapps-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-docs-webapp-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-el-1.0-api-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-javadoc-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-jsp-2.1-api-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-lib-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-log4j-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-servlet-2.5-api-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat6-webapps-6.0.37-10_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-admin-webapps-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-docs-webapp-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-el-1.0-api-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-javadoc-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-jsp-2.2-api-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-lib-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-log4j-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-servlet-3.0-api-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'},
      {'reference':'tomcat7-webapps-7.0.40-5_patch_01.ep6.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat'}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-daemon-eap6 / apache-commons-daemon-jsvc-eap6 / etc');
}
VendorProductVersionCPE
redhatenterprise_linuxapache-commons-daemon-eap6p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-eap6
redhatenterprise_linuxapache-commons-daemon-jsvc-eap6p-cpe:/a:redhat:enterprise_linux:apache-commons-daemon-jsvc-eap6
redhatenterprise_linuxapache-commons-pool-eap6p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-eap6
redhatenterprise_linuxapache-commons-pool-tomcat-eap6p-cpe:/a:redhat:enterprise_linux:apache-commons-pool-tomcat-eap6
redhatenterprise_linuxdom4jp-cpe:/a:redhat:enterprise_linux:dom4j
redhatenterprise_linuxecj3p-cpe:/a:redhat:enterprise_linux:ecj3
redhatenterprise_linuxhttpdp-cpe:/a:redhat:enterprise_linux:httpd
redhatenterprise_linuxhttpd-develp-cpe:/a:redhat:enterprise_linux:httpd-devel
redhatenterprise_linuxhttpd-manualp-cpe:/a:redhat:enterprise_linux:httpd-manual
redhatenterprise_linuxhttpd-toolsp-cpe:/a:redhat:enterprise_linux:httpd-tools
Rows per page:
1-10 of 411

Related

nessus 50
redhat 7
openvas 44
securityvulns 7
atlassian 5
ubuntu 2
amazon 5
fedora 4
slackware 1
freebsd 1
f5 5
ubuntucve 5
tomcat 3
centos 2
osv 5
debian 3
oraclelinux 2
veracode 3
altlinux 3
mageia 2
httpd 4
prion 6
cve 5
nvd 5
seebug 4
cvelist 5
checkpoint_advisories 2
github 2
debiancve 5
hackerone 2
nessus
nessus
RHEL 5 : JBoss Web Server (RHSA-2013:1011)
2014-06-26 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : tomcat6, tomcat7 vulnerabilities (USN-1841-1)
2013-05-29 00:00:00
Oracle Secure Global Desktop Multiple Vulnerabilities (January 2014 CPU)
2014-02-05 00:00:00
redhat
redhat
(RHSA-2013:1012) Moderate: Red Hat JBoss Web Server 2.0.1 update
2013-07-03 15:40:17
(RHSA-2013:1011) Moderate: Red Hat JBoss Web Server 2.0.1 update
2013-07-03 00:00:00
(RHSA-2013:0815) Moderate: httpd security update
2013-05-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1841-1)
2013-05-31 00:00:00
Ubuntu Update for tomcat7 USN-1841-1
2013-05-31 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-175)
2015-09-08 00:00:00
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2013-05-10 00:00:00
[ MDVSA-2013:015 ] apache
2013-03-02 00:00:00
Apache security vulnerabilities
2013-03-02 00:00:00
atlassian
atlassian
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
ubuntu
ubuntu
Tomcat vulnerabilities
2013-05-28 00:00:00
Apache HTTP Server vulnerabilities
2013-03-18 00:00:00
amazon
amazon
Medium: httpd24
2013-03-26 21:29:00
Medium: httpd
2013-03-26 21:25:00
Medium: httpd
2013-05-24 13:56:00
fedora
fedora
[SECURITY] Fedora 18 Update: httpd-2.4.4-2.fc18
2013-04-01 03:30:25
[SECURITY] Fedora 17 Update: tomcat-7.0.40-1.fc17
2013-05-21 08:28:12
[SECURITY] Fedora 19 Update: tomcat-7.0.40-2.fc19
2013-05-24 20:43:43
slackware
slackware
httpd
2013-03-03 15:02:33
freebsd
freebsd
apache22 -- several vulnerabilities
2012-10-07 00:00:00
f5
f5
SOL15865 - Apache HTTP server vulnerability CVE-2012-4558
2014-11-25 00:00:00
SOL15900 - Apache HTTP server vulnerability CVE-2012-3499
2014-12-10 00:00:00
K15900 : Apache HTTP server vulnerability CVE-2012-3499
2014-12-11 00:00:00
ubuntucve
ubuntucve
CVE-2012-4558
2013-02-26 00:00:00
CVE-2013-2071
2013-05-10 00:00:00
CVE-2012-3499
2013-02-26 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.37
2013-05-03 00:00:00
Fixed in Apache Tomcat 7.0.33
2012-11-21 00:00:00
Fixed in Apache Tomcat 7.0.40
2013-05-09 00:00:00
centos
centos
httpd, mod_ssl security update
2013-05-13 22:32:03
tomcat6 security update
2013-06-20 17:46:38
osv
osv
apache2 - several
2013-03-04 00:00:00
tomcat7 - security update
2014-04-08 00:00:00
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-17 02:44:28
debian
debian
[SECURITY] [DSA 2637-1] apache2 security update
2013-03-04 21:34:32
[SECURITY] [DSA 2637-1] apache2 security update
2013-03-04 21:34:32
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
oraclelinux
oraclelinux
httpd security update
2013-05-13 00:00:00
tomcat6 security update
2013-06-20 00:00:00
veracode
veracode
Arbitrary Code Injection
2019-05-02 04:44:51
Cross-site Scripting (XSS)
2019-01-15 08:52:43
Session Fixation During Completion Of The Login Form
2019-01-15 08:55:05
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
mageia
mageia
Updated tomcat6 packages fix multiple vulnerabilities and logging
2014-02-17 22:13:24
Updated tomcat7 packages fix CVE-2013-2071
2013-07-01 23:08:10
httpd
httpd
Apache Httpd < 2.4.4 : XSS due to unescaped hostnames
2012-07-11 00:00:00
Apache Httpd < 2.2.24 : XSS due to unescaped hostnames
2012-07-11 00:00:00
Apache Httpd < 2.4.4 : XSS in mod_proxy_balancer
2012-10-07 00:00:00
prion
prion
Cross site scripting
2013-02-26 16:55:00
Cross site request forgery (csrf)
2013-06-01 14:21:00
Session fixation
2013-06-01 14:21:00
cve
cve
CVE-2012-3499
2013-02-26 16:55:01
CVE-2013-2067
2013-06-01 14:21:05
CVE-2013-2071
2013-06-01 14:21:05
nvd
nvd
CVE-2012-3499
2013-02-26 16:55:01
CVE-2013-2071
2013-06-01 14:21:05
CVE-2013-2067
2013-06-01 14:21:05
seebug
seebug
Apache HTTP Server多个模块主机名和URI跨站脚本漏洞
2013-02-28 00:00:00
Apache Tomcat 信息泄露漏洞(CVE-2013-2071)
2013-05-17 00:00:00
Apache Tomcat表单验证功能安全绕过漏洞
2013-06-06 00:00:00
cvelist
cvelist
CVE-2012-3499
2013-02-26 16:00:00
CVE-2012-4558
2013-02-26 16:00:00
CVE-2013-2071
2013-06-01 10:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_proxy_balancer Cross Site Scripting (CVE-2012-4558)
2013-03-24 00:00:00
Apache Tomcat Chunked Transfer Denial of Service - Ver 2 (CVE-2012-3544)
2013-11-10 00:00:00
github
github
Improper Authentication in Apache Tomcat
2022-05-14 01:10:35
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-17 02:44:28
debiancve
debiancve
CVE-2012-3499
2013-02-26 16:55:01
CVE-2013-2071
2013-06-01 14:21:00
CVE-2013-2067
2013-06-01 14:21:00
hackerone
hackerone
Pornhub: SSRF & XSS (W3 Total Cache)
2016-05-14 01:22:59
Marktplaats: Multiple Apache 2.2.22 Vulnerabilities (XSS/ Code Exec/ DoS)
2015-06-09 17:47:58

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.718 High

EPSS

Percentile

98.1%

JSON
Related for REDHAT-RHSA-2013-1012.NASL
nessus50redhat7openvas44securityvulns7atlassian5ubuntu2amazon5fedora4slackware1freebsd1f55ubuntucve5tomcat3centos2osv5debian3oraclelinux2veracode3altlinux3mageia2httpd4prion6cve5nvd5seebug4cvelist5checkpoint_advisories2github2debiancve5hackerone2