Detections
Analytics

Apache Tomcat 7.0.0 < 7.0.19 multiple vulnerabilities

medium Nessus Plugin ID 55759

Language:

Synopsis

The remote Apache Tomcat server is affected by multiple vulnerabilities

Description

The version of Tomcat installed on the remote host is prior to 7.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.19_security-7 advisory.

 - Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. (CVE-2011-2526)

 - Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. (CVE-2011-2204)

 - Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. (CVE-2009-0783)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 7.0.19 or later.

See Also

http://www.nessus.org/u?308ea2b5

https://bz.apache.org/bugzilla/show_bug.cgi?id=51395

https://svn.apache.org/viewvc?view=rev&rev=1137753

https://svn.apache.org/viewvc?view=rev&rev=1138776

https://svn.apache.org/viewvc?view=rev&rev=1138788

https://svn.apache.org/viewvc?view=rev&rev=1140070

https://svn.apache.org/viewvc?view=rev&rev=1145383

https://svn.apache.org/viewvc?view=rev&rev=1145489

https://svn.apache.org/viewvc?view=rev&rev=1145571

https://svn.apache.org/viewvc?view=rev&rev=1145694

https://svn.apache.org/viewvc?view=rev&rev=1146005

Plugin Details

Severity: Medium

ID: 55759

File Name: tomcat_7_0_19.nasl

Version: 1.22

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 8/3/2011

Updated: 5/23/2024

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2009-0783

CVSS v3

Risk Factor: Medium

Base Score: 4.2

Temporal Score: 3.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:tomcat:7

Required KB Items: installed_sw/Apache Tomcat

Exploit Ease: No known exploits are available

Patch Publication Date: 7/19/2011

Vulnerability Publication Date: 6/27/2011

Reference Information

CVE: CVE-2009-0783, CVE-2011-2204, CVE-2011-2526

BID: 48456, 48667, 49147