CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score
Confidence: Low

EPSS
Percentile: 17.9%

The version of Tomcat installed on the remote host is prior to 7.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.19_security-7 advisory.
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. (CVE-2011-2526)
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. (CVE-2011-2204)
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. (CVE-2009-0783)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(55759);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/23");

  script_cve_id("CVE-2009-0783", "CVE-2011-2204", "CVE-2011-2526");
  script_bugtraq_id(48456, 48667, 49147);

  script_name(english:"Apache Tomcat 7.0.0 < 7.0.19 multiple vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Apache Tomcat server is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of Tomcat installed on the remote host is prior to 7.0.19. It is, therefore, affected by multiple
vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.19_security-7 advisory.
- Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for
the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users
to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by
leveraging an untrusted web application. (CVE-2011-2526)
- Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase
is used, creates log entries containing passwords upon encountering errors in JMX user creation, which
allows local users to obtain sensitive information by reading a log file. (CVE-2011-2204)
- Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web
applications to replace an XML parser used for other web applications, which allows local users to read or
modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted
application that is loaded earlier than the target application. (CVE-2009-0783)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.19
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?308ea2b5");
  script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=51395");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1137753");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1138776");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1138788");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1140070");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1145383");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1145489");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1145571");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1145694");
  script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1146005");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Tomcat version 7.0.19 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-0783");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/03");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2011-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin", "os_fingerprint.nasl");
  script_require_keys("installed_sw/Apache Tomcat");

  exit(0);
}

include('vcf_extras.inc');

vcf::tomcat::initialize();
var app_info = vcf::combined_get_app_info(app:'Apache Tomcat');

var constraints = [
  { 'min_version' : '7.0.0', 'max_version' : '7.0.18', 'fixed_version' : '7.0.19' }
];

vcf::check_all_backporting(app_info:app_info);
vcf::check_granularity(app_info:app_info, sig_segments:3);
vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
www.nessus.org/u?308ea2b5
bz.apache.org/bugzilla/show_bug.cgi?id=51395
svn.apache.org/viewvc?view=rev&rev=1137753
svn.apache.org/viewvc?view=rev&rev=1138776
svn.apache.org/viewvc?view=rev&rev=1138788
svn.apache.org/viewvc?view=rev&rev=1140070
svn.apache.org/viewvc?view=rev&rev=1145383
svn.apache.org/viewvc?view=rev&rev=1145489
svn.apache.org/viewvc?view=rev&rev=1145571
svn.apache.org/viewvc?view=rev&rev=1145694
svn.apache.org/viewvc?view=rev&rev=1146005