Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2015-2660.NASL
HistoryDec 17, 2015 - 12:00 a.m.

RHEL 7 : JBoss Web Server (RHSA-2015:2660)

2015-12-1700:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.467 Medium

EPSS

Percentile

97.5%

JSON

Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server.
(CVE-2014-0230)

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers.
(CVE-2013-5704)

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

  • This enhancement update adds the Red Hat JBoss Web Server 3.0.2 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-229)

Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2015:2660. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(87458);
  script_version("2.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/02/05");

  script_cve_id("CVE-2013-5704", "CVE-2014-0230", "CVE-2014-3581", "CVE-2015-3183", "CVE-2015-5174");
  script_xref(name:"RHSA", value:"2015:2660");

  script_name(english:"RHEL 7 : JBoss Web Server (RHSA-2015:2660)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated Red Hat JBoss Web Server 3.0.2 packages are now available for
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.

It was found that Tomcat would keep connections open after processing
requests with a large enough request body. A remote attacker could
potentially use this flaw to exhaust the pool of available connections
and prevent further, legitimate connections to the Tomcat server.
(CVE-2014-0230)

A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could
use Trailer headers to set additional HTTP headers after header
processing was performed by other modules. This could, for example,
lead to a bypass of header restrictions defined with mod_headers.
(CVE-2013-5704)

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would
decode differently from an HTTP proxy software in front of it,
possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

* This enhancement update adds the Red Hat JBoss Web Server 3.0.2
packages to Red Hat Enterprise Linux 7. These packages provide a
number of enhancements over the previous version of Red Hat JBoss Web
Server. (JIRA#JWS-229)

Users of Red Hat JBoss Web Server are advised to upgrade to these
updated packages, which add this enhancement."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2015:2660"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-5704"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-0230"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-3581"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-3183"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-5174"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-tomcat-eap6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_bmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_bmx-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ldap24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_proxy24_html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_session24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat-vault");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2015:2660";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;

  if (! (rpm_exists(release:"RHEL7", rpm:"jws-3"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss Web Server");

  if (rpm_check(release:"RHEL7", reference:"apache-commons-collections-eap6-3.2.1-18.redhat_7.1.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"apache-commons-collections-tomcat-eap6-3.2.1-18.redhat_7.1.ep6.el7")) flag++;
  if (rpm_exists(rpm:"httpd24-2.4", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"httpd24-2.4.6-59.ep7.el7")) flag++;
  if (rpm_exists(rpm:"httpd24-debuginfo-2.4", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"httpd24-debuginfo-2.4.6-59.ep7.el7")) flag++;
  if (rpm_exists(rpm:"httpd24-devel-2.4", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"httpd24-devel-2.4.6-59.ep7.el7")) flag++;
  if (rpm_exists(rpm:"httpd24-manual-2.4", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"httpd24-manual-2.4.6-59.ep7.el7")) flag++;
  if (rpm_exists(rpm:"httpd24-tools-2.4", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"httpd24-tools-2.4.6-59.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mod_bmx-0.9.5-7.GA.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mod_bmx-debuginfo-0.9.5-7.GA.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mod_cluster-native-1.3.1-6.Final_redhat_2.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mod_cluster-native-debuginfo-1.3.1-6.Final_redhat_2.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mod_ldap24-2.4.6-59.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mod_proxy24_html-2.4.6-59.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mod_session24-2.4.6-59.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"mod_ssl24-2.4.6-59.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat-vault-1.0.8-4.Final_redhat_4.1.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-admin-webapps-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-docs-webapp-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-el-2.2-api-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-javadoc-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-jsp-2.2-api-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-lib-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-log4j-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-servlet-3.0-api-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-webapps-7.0.59-42_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-admin-webapps-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-docs-webapp-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-el-2.2-api-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-javadoc-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-jsp-2.3-api-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-lib-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-log4j-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-servlet-3.1-api-8.0.18-52_patch_01.ep7.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat8-webapps-8.0.18-52_patch_01.ep7.el7")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-commons-collections-eap6 / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxmod_bmxp-cpe:/a:redhat:enterprise_linux:mod_bmx
redhatenterprise_linuxmod_bmx-debuginfop-cpe:/a:redhat:enterprise_linux:mod_bmx-debuginfo
redhatenterprise_linuxmod_cluster-nativep-cpe:/a:redhat:enterprise_linux:mod_cluster-native
redhatenterprise_linuxmod_cluster-native-debuginfop-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo
redhatenterprise_linuxmod_ldap24p-cpe:/a:redhat:enterprise_linux:mod_ldap24
redhatenterprise_linuxmod_proxy24_htmlp-cpe:/a:redhat:enterprise_linux:mod_proxy24_html
redhatenterprise_linuxmod_session24p-cpe:/a:redhat:enterprise_linux:mod_session24
redhatenterprise_linuxmod_ssl24p-cpe:/a:redhat:enterprise_linux:mod_ssl24
redhatenterprise_linuxtomcat-vaultp-cpe:/a:redhat:enterprise_linux:tomcat-vault
redhatenterprise_linuxapache-commons-collections-eap6p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6
Rows per page:
1-10 of 371

Related

redhat 14
nessus 46
openvas 28
debian 2
osv 4
centos 3
oraclelinux 4
ibm 28
mageia 1
slackware 1
freebsd 2
fedora 2
amazon 3
gentoo 1
prion 5
seebug 1
nvd 5
debiancve 5
cve 5
f5 7
ubuntu 1
veracode 5
httpd 5
cvelist 5
securityvulns 4
ubuntucve 5
tomcat 3
github 2
archlinux 1
myhack58 1
redhat
redhat
(RHSA-2015:2659) Moderate: Red Hat JBoss Web Server 3.0.2 security update
2015-12-16 18:09:20
(RHSA-2015:2660) Moderate: Red Hat JBoss Web Server 3.0.2 security update
2015-12-16 18:09:36
(RHSA-2014:1972) Low: httpd24-httpd security and bug fix update
2014-12-09 00:00:00
nessus
nessus
RHEL 6 : JBoss Web Server (RHSA-2015:2659)
2015-12-17 00:00:00
Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)
2015-03-26 00:00:00
Oracle Linux 6 : httpd24-httpd (ELSA-2014-1972)
2023-09-07 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-71-1)
2023-03-08 00:00:00
Oracle: Security Advisory (ELSA-2015-0325)
2015-10-06 00:00:00
RedHat Update for httpd RHSA-2015:0325-01
2015-03-06 00:00:00
debian
debian
[SECURITY] [DLA 71-1] apache2 security update
2014-10-16 10:10:29
[SECURITY] [DLA 284-1] apache2 security update
2015-07-28 21:31:48
osv
osv
apache2 - security update
2014-10-16 00:00:00
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
Uncontrolled Resource Consumption in Apache Tomcat
2022-05-14 01:10:18
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2015-03-17 13:28:17
httpd, mod_ssl security update
2015-07-26 14:13:10
httpd, mod_ssl security update
2015-08-24 18:23:20
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2015-03-11 00:00:00
httpd security, bug fix, and enhancement update
2015-07-28 00:00:00
httpd security update
2015-08-24 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console (CVE-2013-5704, CVE-2015-3183)
2021-09-23 01:31:39
Security bulletin: Rational Directory Server (Tivoli) is affected by an Apache Tomcat vulnerability (CVE-2015-5174)
2018-06-17 05:12:45
Security Bulletin: Apache Tomcat vulnerability in IBM Algo Audit and Compliance (CVE-2015-5174)
2018-06-15 22:44:38
mageia
mageia
Updated apache packages fix security vulnerabilities
2014-12-13 23:16:05
slackware
slackware
[slackware-security] httpd
2015-04-22 01:20:26
freebsd
freebsd
apache24 -- several vulnerabilities
2015-01-29 00:00:00
apache22 -- chunk header parsing defect
2015-06-24 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: httpd-2.4.10-2.fc20
2015-02-28 10:22:55
[SECURITY] Fedora 21 Update: httpd-2.4.10-15.fc21
2015-03-16 01:41:46
amazon
amazon
Low: httpd24
2015-02-12 10:57:00
Low: httpd
2014-09-17 21:48:00
Medium: httpd
2015-08-17 12:23:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2016-10-06 00:00:00
prion
prion
Design/Logic Flaw
2014-04-15 10:55:00
Directory traversal
2016-02-25 01:59:00
Null pointer dereference
2014-10-10 10:55:00
seebug
seebug
ModSecurity 'mod_headers'模块安全限制绕过漏洞
2014-04-04 00:00:00
nvd
nvd
CVE-2013-5704
2014-04-15 10:55:11
CVE-2014-3581
2014-10-10 10:55:07
CVE-2015-5174
2016-02-25 01:59:00
debiancve
debiancve
CVE-2013-5704
2014-04-15 10:55:11
CVE-2014-3581
2014-10-10 10:55:07
CVE-2015-5174
2016-02-25 01:59:00
cve
cve
CVE-2013-5704
2014-04-15 10:55:11
CVE-2014-3581
2014-10-10 10:55:07
CVE-2015-5174
2016-02-25 01:59:00
f5
f5
SOL16863 - Apache vulnerability CVE-2013-5704
2015-07-07 00:00:00
Apache vulnerability CVE-2013-5704
2015-07-07 21:58:00
K30971148 : Apache Tomcat 6.x vulnerability CVE-2015-5174
2016-03-23 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2015-03-10 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 09:03:16
Denial Of Service (DoS)
2019-05-02 05:05:52
Directory Traversal
2019-01-15 09:09:27
httpd
httpd
Apache Httpd < 2.2.29 : HTTP Trailers processing bypass
2013-09-06 00:00:00
Apache Httpd < 2.4.12 : HTTP Trailers processing bypass
2013-09-06 00:00:00
Apache Httpd < 2.4.12 : mod_cache crash with empty Content-Type header
2014-09-08 00:00:00
cvelist
cvelist
CVE-2013-5704
2014-04-15 10:00:00
CVE-2015-5174
2016-02-25 01:00:00
CVE-2014-3581
2014-10-10 10:00:00
securityvulns
securityvulns
[USN-2523-1] Apache HTTP Server vulnerabilities
2015-03-15 00:00:00
Apache multiple security vulnerabilities
2015-04-16 00:00:00
[SECURITY] CVE-2014-0230: Apache Tomcat DoS
2015-05-11 00:00:00
ubuntucve
ubuntucve
CVE-2013-5704
2014-04-15 00:00:00
CVE-2015-5174
2016-02-24 00:00:00
CVE-2014-3581
2014-10-10 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.65
2015-10-19 00:00:00
Fixed in Apache Tomcat 8.0.27
2015-10-01 00:00:00
Fixed in Apache Tomcat 8.0.9
2014-06-24 00:00:00
github
github
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
Uncontrolled Resource Consumption in Apache Tomcat
2022-05-14 01:10:18
archlinux
archlinux
tomcat6: denial of service
2015-05-13 00:00:00
myhack58
myhack58
Apache Tomcat denial of service vulnerability(CVE-2 0 1 4-0 2 3 0)-vulnerability warning-the black bar safety net
2015-05-11 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.467 Medium

EPSS

Percentile

97.5%

JSON
Related for REDHAT-RHSA-2015-2660.NASL
redhat14nessus46openvas28debian2osv4centos3oraclelinux4ibm28mageia1slackware1freebsd2fedora2amazon3gentoo1prion5seebug1nvd5debiancve5cve5f57ubuntu1veracode5httpd5cvelist5securityvulns4ubuntucve5tomcat3github2archlinux1myhack581