The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6943-1 advisory.

    It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore     configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only     affected tomcat8 for Ubuntu 18.04 LTS (CVE-2020-9484)

    It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker     could use this issue to obtain wrong responses possibly containing sensitive information. This issue only     affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-25122)

    Thomas Wozenilek discovered that Tomcat incorrectly handled certain TLS packets. A remote attacker could     possibly use this issue to cause a denial of service. This issue only affected tomcat8 for Ubuntu 18.04     LTS (CVE-2021-41079)

    Trung Pham discovered that a race condition existed in Tomcat when handling session files with FileStore.
    A remote attacker could possibly use this issue to execute arbitrary code. This issue affected tomcat8 for     Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS     (CVE-2022-23181)

    It was discovered that Tomcat's documentation incorrectly stated that EncryptInterceptor provided     availability protection when running over an untrusted network. A remote attacker could possibly use this     issue to cause a denial of service even if EncryptInterceptor was being used. This issue affected tomcat8     for Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS     (CVE-2022-29885)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)

high Nessus Plugin ID 204963

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202408281943
Version 1.2 Aug 2, 2024, 8:17 PM CEA reference Plugin Feed: 202408022017
Version 1.1 Aug 2, 2024, 4:14 AM New Plugin Feed: 202408020414