CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
98.3%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2018.3261.1");
script_cve_id("CVE-2017-15706", "CVE-2018-11784", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1336", "CVE-2018-8014", "CVE-2018-8034");
script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-06-20 17:44:20 +0000 (Wed, 20 Jun 2018)");
script_name("SUSE: Security Advisory (SUSE-SU-2018:3261-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2018:3261-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2018/suse-su-20183261-1/");
script_xref(name:"URL", value:"https://tomcat.apache.org/tomcat-7.0-doc/changelog.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'tomcat' package(s) announced via the SUSE-SU-2018:3261-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for tomcat fixes the following issues:
Version update to 7.0.90:
Another bugfix release, for full details see:
[link moved to references]
Security issues fixed:
CVE-2018-11784: When the default servlet in Apache Tomcat returned a
redirect to a directory (e.g. redirecting to '/foo/' when the user
requested '/foo') a specially crafted URL could be used to cause the
redirect to be generated to any URI of the attackers choice.
(bsc#1110850)
CVE-2017-15706: As part of the fix for bug 61201, the documentation for
Apache Tomcat included an updated description of the search algorithm
used by the CGI Servlet to identify which script to execute. The update
was not correct. As a result, some scripts may have failed to execute as
expected and other scripts may have been executed unexpectedly. Note
that the behaviour of the CGI servlet has remained unchanged in this
regard. It is only the documentation of the behaviour that was wrong and
has been corrected.(bsc#1078677)
CVE-2018-1304: The URL pattern of \'\' (the empty string) which exactly
maps to the context root was not correctly handled in Apache Tomcat when
used as part of a security constraint definition. This caused the
constraint to be ignored. It was, therefore, possible for unauthorised
users to gain access to web application resources that should have been
protected. Only security constraints with a URL pattern of the empty
string were affected. (bsc#1082480)
CVE-2018-1305: Security constraints defined by annotations of Servlets
in Apache Tomcat were only applied once a Servlet had been loaded.
Because security constraints defined in this way apply to the URL
pattern and any URLs below that point, it was possible - depending on
the order Servlets were loaded - for some security constraints not to be
applied. This could have exposed resources to users who were not
authorised to access them.(bsc#1082481)
CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with
supplementary characters can lead to an infinite loop in the decoder
causing a Denial of Service. (bsc#1102400)
CVE-2018-8014: Fixed default settings for the CORS filter, which were
insecure and enabled 'supportsCredentials' for all origins. (bsc#1093697)
CVE-2018-8034: Fixed the host name verification when using TLS with the
WebSocket client, which was not enabled by default. (bsc#1102379)");
script_tag(name:"affected", value:"'tomcat' package(s) on SUSE Linux Enterprise Server 12.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0") {
if(!isnull(res = isrpmvuln(pkg:"tomcat", rpm:"tomcat~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat-admin-webapps", rpm:"tomcat-admin-webapps~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat-docs-webapp", rpm:"tomcat-docs-webapp~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat-el-2_2-api", rpm:"tomcat-el-2_2-api~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat-javadoc", rpm:"tomcat-javadoc~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat-jsp-2_2-api", rpm:"tomcat-jsp-2_2-api~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat-lib", rpm:"tomcat-lib~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat-servlet-3_0-api", rpm:"tomcat-servlet-3_0-api~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat-webapps", rpm:"tomcat-webapps~7.0.90~7.23.1", rls:"SLES12.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
98.3%