The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5360-1 advisory.

    It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly     use this issue to intercept sensitive information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122,     CVE-2021-30640)

    It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use     this issue to execute arbitrary code. (CVE-2020-9484, CVE-2021-33037)

    It was discovered that Tomcat did not properly validate the input length. An attacker could possibly use     this to trigger an infinite loop, resulting in a denial of service. (CVE-2021-25329, CVE-2021-41079)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 18.04 LTS / 20.04 LTS : Tomcat vulnerabilities (USN-5360-1)

high Nessus Plugin ID 159385

Version 1.10

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.10 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.9 Nov 2, 2023, 4:31 AM IAVM reference Plugin Feed: 202311020431
Version 1.8 Oct 16, 2023, 7:25 PM CVE (set "CVE" coverage to "CVE-2020-9484,CVE-2020-13943,CVE-2020-17527,CVE-2021-25122,CVE-2021-25329,CVE-2021-30640,CVE-2021-33037,CVE-2021-41079") Plugin Feed: 202310161925
Version 1.7 Jul 11, 2023, 1:48 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Detection Plugin Feed: 202307110148
Version 1.6 Jan 18, 2023, 9:01 AM Logic Changes (Added support for s390x) Plugin Feed: 202301180901
Version 1.5 Dec 6, 2022, 2:54 AM Reference Plugin Feed: 202212060254