This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TOMCAT_8_5_16.NASLApache Tomcat 8.5.0 < 8.5.16 multiple vulnerabilities
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.4%
The version of Tomcat installed on the remote host is prior to 8.5.16. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.16_security-8 advisory.
-
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. (CVE-2017-7675)
-
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. (CVE-2017-7674)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(102589);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/23");
script_cve_id("CVE-2017-7674", "CVE-2017-7675");
script_bugtraq_id(100256, 100280);
script_name(english:"Apache Tomcat 8.5.0 < 8.5.16 multiple vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote Apache Tomcat server is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of Tomcat installed on the remote host is prior to 8.5.16. It is, therefore, affected by multiple
vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.16_security-8 advisory.
- The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of
security checks that prevented directory traversal attacks. It was therefore possible to bypass security
constraints using a specially crafted URL. (CVE-2017-7675)
- The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to
7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This
permitted client and server side cache poisoning in some circumstances. (CVE-2017-7674)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.16
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?16acd6f7");
script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=61101");
script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=61120");
script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1795814");
script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1796091");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Tomcat version 8.5.16 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7675");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/16");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/18");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin", "os_fingerprint.nasl");
script_require_keys("installed_sw/Apache Tomcat");
exit(0);
}
include('vcf_extras.inc');
vcf::tomcat::initialize();
var app_info = vcf::combined_get_app_info(app:'Apache Tomcat');
var constraints = [
{ 'min_version' : '8.5.0', 'max_version' : '8.5.15', 'fixed_version' : '8.5.16' }
];
vcf::check_all_backporting(app_info:app_info);
vcf::check_granularity(app_info:app_info, sig_segments:3);
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675
www.nessus.org/u?16acd6f7
bz.apache.org/bugzilla/show_bug.cgi?id=61101
bz.apache.org/bugzilla/show_bug.cgi?id=61120
svn.apache.org/viewvc?view=rev&rev=1795814
svn.apache.org/viewvc?view=rev&rev=1796091
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.4%