The version of Apache Tomcat installed on the remote host is 8.5.7 to 8.5.63 and 9.0.0-M11 to 9.0.43. It is, therefore, affected by a request smuggling vulnerability.

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory.

  - Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet     containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly     vulnerable to an authorization bypass. (CVE-2022-32532)

  - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow     a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary     shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client     or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade     both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
    (CVE-2023-46604)

  - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be     exploited. There is only a risk in conjunction with Java object deserialization within an application. In     such situations, it allows attackers to erase contents of arbitrary files, make network connections, or     possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. (CVE-2022-36944)

  - IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which     could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the     website trusts. IBM X-Force ID: 251216. (CVE-2023-28949)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows     remote attackers to inject arbitrary web script through a crafted protected comment (with the     cke_protected syntax). (CVE-2020-9281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 9.0.44. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.44_security-9 advisory.

  - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate     incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially     crafted packet could be used to trigger an infinite loop resulting in a denial of service.
    (CVE-2021-41079)

  - Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue     affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to     upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. (CVE-2024-21733)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 9.0.50-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2024-011 advisory.

  - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP     transfer-encoding request header in some circumstances leading to the possibility to request smuggling     when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if     the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;
    and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
    (CVE-2021-33037)

  - Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue     affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to     upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. (CVE-2024-21733)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 8.5.64. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.64_security-8 advisory.

  - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate     incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially     crafted packet could be used to trigger an infinite loop resulting in a denial of service.
    (CVE-2021-41079)

  - Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue     affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to     upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. (CVE-2024-21733)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2024-017 advisory.

  - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of     a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue     affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. (CVE-2021-30640)

  - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP     transfer-encoding request header in some circumstances leading to the possibility to request smuggling     when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if     the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;
    and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
    (CVE-2021-33037)

  - Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue     affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to     upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. (CVE-2024-21733)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - tomcat: Leaking of unrelated request bodies in default error page (CVE-2024-21733)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0829-1 advisory.

  - Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue     affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to     upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. (CVE-2024-21733)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
114216	Apache Tomcat 8.5.7 < 8.5.64 Request Smuggling	Web App Scanning	Component Vulnerability	2/21/2024	2/21/2024	medium
114215	Apache Tomcat 9.0.0-M11 < 9.0.44 Request Smuggling	Web App Scanning	Component Vulnerability	2/21/2024	2/21/2024	medium
191754	IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)	Nessus	Windows	3/8/2024	3/12/2024	critical
194473	Apache Tomcat 9.0.0.M1 < 9.0.44 multiple vulnerabilities	Nessus	Web Servers	4/29/2024	5/23/2024	medium
190051	Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-011)	Nessus	Amazon Linux Local Security Checks	2/6/2024	3/15/2024	medium
194472	Apache Tomcat 8.5.0 < 8.5.64 multiple vulnerabilities	Nessus	Web Servers	4/29/2024	5/23/2024	medium
190055	Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-017)	Nessus	Amazon Linux Local Security Checks	2/6/2024	3/15/2024	medium
199064	RHEL 9 : pki-servlet-engine (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	7/12/2024	medium
192015	SUSE SLES12 Security Update : tomcat (SUSE-SU-2024:0829-1)	Nessus	SuSE Local Security Checks	3/13/2024	3/15/2024	medium

Detections

Analytics

Plugins Search

medium

medium

critical

medium

medium

medium

medium

medium

medium