Severity: High
ID: 195432
File Name: redhat_unpatched-tomcat-rhel6.nasl
Version: 1.3
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 5/11/2024
Updated: 5/31/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Factor: Medium
Score: 6.7
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2022-25762
Risk Factor: High
Base Score: 8.6
Temporal Score: 8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
CPE: p-cpe:/a:redhat:enterprise_linux:tomcat, p-cpe:/a:redhat:enterprise_linux:tomcat6, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:9, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:tomcat5, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:pki-servlet-engine, cpe:/o:redhat:enterprise_linux:8
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 9/19/2017
Elliot (Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure)
CVE: CVE-2017-12616, CVE-2019-0221, CVE-2019-12418, CVE-2019-17563, CVE-2020-13943, CVE-2020-1935, CVE-2021-25329, CVE-2022-23181, CVE-2022-25762, CVE-2022-29885, CVE-2022-45143, CVE-2023-28708, CVE-2023-28709, CVE-2023-34981, CVE-2023-42794