5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.3%
The version of Tomcat installed on the remote host is prior to 9.0.0.M22. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.0.m22_security-9 advisory.
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. (CVE-2017-7675)
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. (CVE-2017-7674)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(102590);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/23");
script_cve_id("CVE-2017-7674", "CVE-2017-7675");
script_bugtraq_id(100256, 100280);
script_name(english:"Apache Tomcat 9.0.0.M1 < 9.0.0.M22 multiple vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote Apache Tomcat server is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of Tomcat installed on the remote host is prior to 9.0.0.M22. It is, therefore, affected by multiple
vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.0.m22_security-9 advisory.
- The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of
security checks that prevented directory traversal attacks. It was therefore possible to bypass security
constraints using a specially crafted URL. (CVE-2017-7675)
- The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to
7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This
permitted client and server side cache poisoning in some circumstances. (CVE-2017-7674)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M22
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f24bb9f");
script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=61101");
script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=61120");
script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1795813");
script_set_attribute(attribute:"see_also", value:"https://svn.apache.org/viewvc?view=rev&rev=1796090");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Tomcat version 9.0.0.M22 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7675");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/16");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/18");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat:9");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin", "os_fingerprint.nasl");
script_require_keys("installed_sw/Apache Tomcat");
exit(0);
}
include('vcf_extras.inc');
vcf::tomcat::initialize();
var app_info = vcf::combined_get_app_info(app:'Apache Tomcat');
var constraints = [
{ 'min_version' : '9.0.0.M1', 'max_version' : '9.0.0.M21', 'fixed_version' : '9.0.0.M22' }
];
vcf::check_all_backporting(app_info:app_info);
vcf::check_granularity(app_info:app_info, sig_segments:3);
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675
www.nessus.org/u?3f24bb9f
bz.apache.org/bugzilla/show_bug.cgi?id=61101
bz.apache.org/bugzilla/show_bug.cgi?id=61120
svn.apache.org/viewvc?view=rev&rev=1795813
svn.apache.org/viewvc?view=rev&rev=1796090
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.3%