Apache Tomcat < 8.5.66 Vulnerability

medium Nessus Network Monitor Plugin ID 701353

Synopsis

The remote Apache Tomcat server is affected by Vulnerability

Description

The version of Apache Tomcat installed on the remote host is < 8.5.66. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.66_security-8 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 8.5.66 or later.

https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c,https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100,https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822,https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe,https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b,https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972,https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38,https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375,https://bz.apache.org/bugzilla/show_bug.cgi?id=65224,https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.66

Plugin Details

Severity: Medium

ID: 701353

Family: Web Servers

Published: 7/12/2021

Updated: 7/12/2021

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Patch Publication Date: 5/12/2021

Vulnerability Publication Date: 5/12/2021

Reference Information

CVE: CVE-2021-30640

Detections

Analytics