7.8 - DSA-3447

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	tomcat7 security update

Informations
Name	DSA-3447	First vendor Publication	2016-01-17
Vendor	Debian	Last vendor Modification	2016-01-17
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.

For the oldstable distribution (wheezy), this problem has been fixed in version 7.0.28-4+deb7u3. This update also provides fixes for CVE-2013-4444, CVE-2014-0075, CVE-2014-0099, CVE-2014-0227 and CVE-2014-0230, which were all fixed for the stable distribution (jessie) already.

For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 7.0.61-1.

For the unstable distribution (sid), this problem has been fixed in version 7.0.61-1.

We recommend that you upgrade your tomcat7 packages.

Original Source

Url : http://www.debian.org/security/2016/dsa-3447

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
17 %	CWE-399	Resource Management Errors
17 %	CWE-284	Access Control (Authorization) Issues
17 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
17 %	CWE-19	Data Handling

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24427

Oval ID:	oval:org.mitre.oval:def:24427
Title:	RHSA-2014:0827: tomcat security update (Moderate)
Description:	Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. All Tomcat 7 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0827-00 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099	Version:	4
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	tomcat
Definition Synopsis:
RHEL 7 The operating system installed on the system is Red Hat Enterprise Linux 7 AND Packages section tomcat-el-2.2-api is earlier than 0:7.0.42-6.el7_0 AND tomcat is earlier than 0:7.0.42-6.el7_0 AND tomcat-lib is earlier than 0:7.0.42-6.el7_0 AND tomcat-jsp-2.2-api is earlier than 0:7.0.42-6.el7_0 AND tomcat-docs-webapp is earlier than 0:7.0.42-6.el7_0 AND tomcat-admin-webapps is earlier than 0:7.0.42-6.el7_0 AND tomcat-jsvc is earlier than 0:7.0.42-6.el7_0 AND tomcat-webapps is earlier than 0:7.0.42-6.el7_0 AND tomcat-servlet-3.0-api is earlier than 0:7.0.42-6.el7_0 AND tomcat-javadoc is earlier than 0:7.0.42-6.el7_0 OR CentOS 7 The operating system installed on the system is CentOS Linux 7.x AND tomcat is earlier than 0:7.0.42-6.el7_0

Definition Id: oval:org.mitre.oval:def:24883

Oval ID:	oval:org.mitre.oval:def:24883
Title:	RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
Description:	Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0865-00 CESA-2014:0865 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	tomcat6
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section tomcat6-lib is earlier than 0:6.0.24-72.el6_5 AND tomcat6-servlet-2.5-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-javadoc is earlier than 0:6.0.24-72.el6_5 AND tomcat6-docs-webapp is earlier than 0:6.0.24-72.el6_5 AND tomcat6 is earlier than 0:6.0.24-72.el6_5 AND tomcat6-el-2.1-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-jsp-2.1-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-webapps is earlier than 0:6.0.24-72.el6_5 AND tomcat6-admin-webapps is earlier than 0:6.0.24-72.el6_5

Definition Id: oval:org.mitre.oval:def:25013

Oval ID:	oval:org.mitre.oval:def:25013
Title:	DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
Description:	Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0865-00 CESA-2014:0865 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099	Version:	4
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	tomcat6
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section tomcat6-lib is earlier than 0:6.0.24-72.el6_5 AND tomcat6-servlet-2.5-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-javadoc is earlier than 0:6.0.24-72.el6_5 AND tomcat6-docs-webapp is earlier than 0:6.0.24-72.el6_5 AND tomcat6 is earlier than 0:6.0.24-72.el6_5 AND tomcat6-el-2.1-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-jsp-2.1-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-webapps is earlier than 0:6.0.24-72.el6_5 AND tomcat6-admin-webapps is earlier than 0:6.0.24-72.el6_5

Definition Id: oval:org.mitre.oval:def:26063

Oval ID:	oval:org.mitre.oval:def:26063
Title:	USN-2302-1 -- tomcat6, tomcat7 vulnerabilities
Description:	Several security issues were fixed in Tomcat.
Family:	unix	Class:	patch
Reference(s):	USN-2302-1 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	tomcat7 tomcat6
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed AND libtomcat7-java DPKG is earlier than 0:7.0.52-1ubuntu0.1 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND libtomcat6-java DPKG is earlier than 0:6.0.35-1ubuntu3.5 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND libtomcat6-java DPKG is earlier than 0:6.0.24-2ubuntu1.16

Definition Id: oval:org.mitre.oval:def:26971

Oval ID:	oval:org.mitre.oval:def:26971
Title:	HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description:	Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0099	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.23 AND filesets test hpuxws22APCH32.APACHE version is less than B.2.2.15.21 AND hpuxws22APCH32.APACHE2 version is less than B.2.2.15.21 AND hpuxws22APCH32.AUTH_LDAP version is less than B.2.2.15.21 AND hpuxws22APCH32.AUTH_LDAP2 version is less than B.2.2.15.21 AND hpuxws22APCH32.MOD_JK version is less than B.2.2.15.21 AND hpuxws22APCH32.MOD_JK2 version is less than B.2.2.15.21 AND hpuxws22APCH32.MOD_PERL version is less than B.2.2.15.21 AND hpuxws22APCH32.MOD_PERL2 version is less than B.2.2.15.21 AND hpuxws22APCH32.PHP version is less than B.2.2.15.21 AND hpuxws22APCH32.PHP2 version is less than B.2.2.15.21 AND hpuxws22APCH32.WEBPROXY version is less than B.2.2.15.21 AND hpuxws22APCH32.WEBPROXY2 version is less than B.2.2.15.21 AND hpuxws22APACHE.APACHE version is less than B.2.2.15.21 AND hpuxws22APACHE.APACHE2 version is less than B.2.2.15.21 AND hpuxws22APACHE.AUTH_LDAP version is less than B.2.2.15.21 AND hpuxws22APACHE.AUTH_LDAP2 version is less than B.2.2.15.21 AND hpuxws22APACHE.MOD_JK version is less than B.2.2.15.21 AND hpuxws22APACHE.MOD_JK2 version is less than B.2.2.15.21 AND hpuxws22APACHE.MOD_PERL version is less than B.2.2.15.21 AND hpuxws22APACHE.MOD_PERL2 version is less than B.2.2.15.21 AND hpuxws22APACHE.PHP version is less than B.2.2.15.21 AND hpuxws22APACHE.PHP2 version is less than B.2.2.15.21 AND hpuxws22APACHE.WEBPROXY version is less than B.2.2.15.21 AND hpuxws22APACHE.WEBPROXY2 version is less than B.2.2.15.21 AND hpuxws22TOMCAT.TOMCAT version is less than B.2.2.15.21

Definition Id: oval:org.mitre.oval:def:27100

Oval ID:	oval:org.mitre.oval:def:27100
Title:	HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description:	Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0075	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.23 AND filesets test hpuxws22APCH32.APACHE version is less than B.2.2.15.21 AND hpuxws22APCH32.APACHE2 version is less than B.2.2.15.21 AND hpuxws22APCH32.AUTH_LDAP version is less than B.2.2.15.21 AND hpuxws22APCH32.AUTH_LDAP2 version is less than B.2.2.15.21 AND hpuxws22APCH32.MOD_JK version is less than B.2.2.15.21 AND hpuxws22APCH32.MOD_JK2 version is less than B.2.2.15.21 AND hpuxws22APCH32.MOD_PERL version is less than B.2.2.15.21 AND hpuxws22APCH32.MOD_PERL2 version is less than B.2.2.15.21 AND hpuxws22APCH32.PHP version is less than B.2.2.15.21 AND hpuxws22APCH32.PHP2 version is less than B.2.2.15.21 AND hpuxws22APCH32.WEBPROXY version is less than B.2.2.15.21 AND hpuxws22APCH32.WEBPROXY2 version is less than B.2.2.15.21 AND hpuxws22APACHE.APACHE version is less than B.2.2.15.21 AND hpuxws22APACHE.APACHE2 version is less than B.2.2.15.21 AND hpuxws22APACHE.AUTH_LDAP version is less than B.2.2.15.21 AND hpuxws22APACHE.AUTH_LDAP2 version is less than B.2.2.15.21 AND hpuxws22APACHE.MOD_JK version is less than B.2.2.15.21 AND hpuxws22APACHE.MOD_JK2 version is less than B.2.2.15.21 AND hpuxws22APACHE.MOD_PERL version is less than B.2.2.15.21 AND hpuxws22APACHE.MOD_PERL2 version is less than B.2.2.15.21 AND hpuxws22APACHE.PHP version is less than B.2.2.15.21 AND hpuxws22APACHE.PHP2 version is less than B.2.2.15.21 AND hpuxws22APACHE.WEBPROXY version is less than B.2.2.15.21 AND hpuxws22APACHE.WEBPROXY2 version is less than B.2.2.15.21 AND hpuxws22TOMCAT.TOMCAT version is less than B.2.2.15.21

Definition Id: oval:org.mitre.oval:def:27263

Oval ID:	oval:org.mitre.oval:def:27263
Title:	ELSA-2014-0827 -- tomcat security update (moderate)
Description:	[0:7.0.42-6] - Resolves: CVE-2014-0099 Fix possible overflow when parsing - long values from byte array - Resolves: CVE-2014-0096 Information discloser process XSLT - files not subject to same constraint running under - java security manager - Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0827 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099	Version:	3
Platform(s):	Oracle Linux 7	Product(s):	tomcat
Definition Synopsis:
Oracle Linux 7.x Packages match section tomcat is earlier than 0:7.0.42-6.el7_0 AND tomcat-admin-webapps is earlier than 0:7.0.42-6.el7_0 AND tomcat-docs-webapp is earlier than 0:7.0.42-6.el7_0 AND tomcat-el-2.2-api is earlier than 0:7.0.42-6.el7_0 AND tomcat-javadoc is earlier than 0:7.0.42-6.el7_0 AND tomcat-jsp-2.2-api is earlier than 0:7.0.42-6.el7_0 AND tomcat-jsvc is earlier than 0:7.0.42-6.el7_0 AND tomcat-lib is earlier than 0:7.0.42-6.el7_0 AND tomcat-servlet-3.0-api is earlier than 0:7.0.42-6.el7_0 AND tomcat-webapps is earlier than 0:7.0.42-6.el7_0

Definition Id: oval:org.mitre.oval:def:27293

Oval ID:	oval:org.mitre.oval:def:27293
Title:	ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate)
Description:	[0:6.0.24-72] - Related: CVE-2014-0075 - rebuild to generate javadoc - correctly. previous build generated 0-length javadoc [0:6.0.24-69] - Related: CVE-2014-0075 incomplete [0:6.0.24-68] - Related: CVE-2013-4322. arches needs to be specified - as in arches noarch, so docs/webapps will produce - full files. building for ppc will generate empty - javadoc. [0:6.0.24-67] - Related: CVE-2014-0050 - Related: CVE-2013-4322 [0:6.0.24-66] - Resolves: CVE-2014-0099 - Resolves: CVE-2014-0096 - Resolves: CVE-2014-0075 [0:6.0.24-65] - Related: CVE-2014-0050 copy paste error
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0865 CVE-2014-0075 CVE-2014-0096 CVE-2014-0099	Version:	3
Platform(s):	Oracle Linux 6	Product(s):	tomcat6
Definition Synopsis:
Oracle Linux 6.x Packages match section tomcat6 is earlier than 0:6.0.24-72.el6_5 AND tomcat6-admin-webapps is earlier than 0:6.0.24-72.el6_5 AND tomcat6-docs-webapp is earlier than 0:6.0.24-72.el6_5 AND tomcat6-el-2.1-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-javadoc is earlier than 0:6.0.24-72.el6_5 AND tomcat6-jsp-2.1-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-lib is earlier than 0:6.0.24-72.el6_5 AND tomcat6-servlet-2.5-api is earlier than 0:6.0.24-72.el6_5 AND tomcat6-webapps is earlier than 0:6.0.24-72.el6_5

Definition Id: oval:org.mitre.oval:def:29086

Oval ID:	oval:org.mitre.oval:def:29086
Title:	HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description:	java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0227	Version:	3
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.31 AND filesets test hpuxws22APCH32.APACHE version is less than B.2.2.29.01 AND hpuxws22APCH32.APACHE2 version is less than B.2.2.29.01 AND hpuxws22APCH32.AUTH_LDAP version is less than B.2.2.29.01 AND hpuxws22APCH32.AUTH_LDAP2 version is less than B.2.2.29.01 AND hpuxws22APCH32.MOD_JK version is less than B.2.2.29.01 AND hpuxws22APCH32.MOD_JK2 version is less than B.2.2.29.01 AND hpuxws22APCH32.MOD_PERL version is less than B.2.2.29.01 AND hpuxws22APCH32.MOD_PERL2 version is less than B.2.2.29.01 AND hpuxws22APCH32.PHP version is less than B.2.2.29.01 AND hpuxws22APCH32.PHP2 version is less than B.2.2.29.01 AND hpuxws22APCH32.WEBPROXY version is less than B.2.2.29.01 AND hpuxws22APCH32.WEBPROXY2 version is less than B.2.2.29.01 AND hpuxws22APACHE.APACHE version is less than B.2.2.29.01 AND hpuxws22APACHE.APACHE2 version is less than B.2.2.29.01 AND hpuxws22APACHE.AUTH_LDAP version is less than B.2.2.29.01 AND hpuxws22APACHE.AUTH_LDAP2 version is less than B.2.2.29.01 AND hpuxws22APACHE.MOD_JK version is less than B.2.2.29.01 AND hpuxws22APACHE.MOD_JK2 version is less than B.2.2.29.01 AND hpuxws22APACHE.MOD_PERL version is less than B.2.2.29.01 AND hpuxws22APACHE.MOD_PERL2 version is less than B.2.2.29.01 AND hpuxws22APACHE.PHP version is less than B.2.2.29.01 AND hpuxws22APACHE.PHP2 version is less than B.2.2.29.01 AND hpuxws22APACHE.WEBPROXY version is less than B.2.2.29.01 AND hpuxws22APACHE.WEBPROXY2 version is less than B.2.2.29.01 AND hpuxws22TOMCAT.TOMCAT version is less than C.6.0.43.01

Definition Id: oval:org.mitre.oval:def:29131

Oval ID:	oval:org.mitre.oval:def:29131
Title:	HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities
Description:	java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-0227	Version:	3
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.31 AND filesets test hpuxws22TOMCAT.TOMCAT version is less than D.7.0.59.01 AND hpuxws22TOMCAT.TOMCAT2 version is less than D.7.0.59.01

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Tomcat cpe:2.3:a:apache:tomcat:8.0.9:::::::* cpe:2.3:a:apache:tomcat:8.0.8:::::::* cpe:2.3:a:apache:tomcat:8.0.5:::::::* cpe:2.3:a:apache:tomcat:8.0.3:::::::* cpe:2.3:a:apache:tomcat:8.0.15:::::::* cpe:2.3:a:apache:tomcat:8.0.14:::::::* cpe:2.3:a:apache:tomcat:8.0.12:::::::* cpe:2.3:a:apache:tomcat:8.0.11:::::::* cpe:2.3:a:apache:tomcat:8.0.1:::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc1:::::: cpe:2.3:a:apache:tomcat:8.0.0:rc2:::::: cpe:2.3:a:apache:tomcat:8.0.0:rc5:::::: cpe:2.3:a:apache:tomcat:8.0.0:rc10:::::: cpe:2.3:a:apache:tomcat:7.0.9:::::::* cpe:2.3:a:apache:tomcat:7.0.8:::::::* cpe:2.3:a:apache:tomcat:7.0.7:::::::* cpe:2.3:a:apache:tomcat:7.0.6:::::::* cpe:2.3:a:apache:tomcat:7.0.57:::::::* cpe:2.3:a:apache:tomcat:7.0.56:::::::* cpe:2.3:a:apache:tomcat:7.0.55:::::::* cpe:2.3:a:apache:tomcat:7.0.54:::::::* cpe:2.3:a:apache:tomcat:7.0.53:::::::* cpe:2.3:a:apache:tomcat:7.0.52:::::::* cpe:2.3:a:apache:tomcat:7.0.50:::::::* cpe:2.3:a:apache:tomcat:7.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.5:beta:::::: cpe:2.3:a:apache:tomcat:7.0.49:::::::* cpe:2.3:a:apache:tomcat:7.0.48:::::::* cpe:2.3:a:apache:tomcat:7.0.47:::::::* cpe:2.3:a:apache:tomcat:7.0.46:::::::* cpe:2.3:a:apache:tomcat:7.0.45:::::::* cpe:2.3:a:apache:tomcat:7.0.44:::::::* cpe:2.3:a:apache:tomcat:7.0.43:::::::* cpe:2.3:a:apache:tomcat:7.0.42:::::::* cpe:2.3:a:apache:tomcat:7.0.41:::::::* cpe:2.3:a:apache:tomcat:7.0.40:::::::* cpe:2.3:a:apache:tomcat:7.0.4:::::::* cpe:2.3:a:apache:tomcat:7.0.4:beta:::::: cpe:2.3:a:apache:tomcat:7.0.39:::::::* cpe:2.3:a:apache:tomcat:7.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.37:::::::* cpe:2.3:a:apache:tomcat:7.0.36:::::::* cpe:2.3:a:apache:tomcat:7.0.35:::::::* cpe:2.3:a:apache:tomcat:7.0.34:::::::* cpe:2.3:a:apache:tomcat:7.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.32:::::::* cpe:2.3:a:apache:tomcat:7.0.31:::::::* cpe:2.3:a:apache:tomcat:7.0.30:::::::* cpe:2.3:a:apache:tomcat:7.0.3:::::::* cpe:2.3:a:apache:tomcat:7.0.29:::::::* cpe:2.3:a:apache:tomcat:7.0.28:::::::* cpe:2.3:a:apache:tomcat:7.0.27:::::::* cpe:2.3:a:apache:tomcat:7.0.26:::::::* cpe:2.3:a:apache:tomcat:7.0.25:::::::* cpe:2.3:a:apache:tomcat:7.0.24:::::::* cpe:2.3:a:apache:tomcat:7.0.23:::::::* cpe:2.3:a:apache:tomcat:7.0.22:::::::* cpe:2.3:a:apache:tomcat:7.0.21:::::::* cpe:2.3:a:apache:tomcat:7.0.20:::::::* cpe:2.3:a:apache:tomcat:7.0.2:::::::* cpe:2.3:a:apache:tomcat:7.0.2:beta:::::: cpe:2.3:a:apache:tomcat:7.0.19:::::::* cpe:2.3:a:apache:tomcat:7.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0.17:::::::* cpe:2.3:a:apache:tomcat:7.0.16:::::::* cpe:2.3:a:apache:tomcat:7.0.15:::::::* cpe:2.3:a:apache:tomcat:7.0.14:::::::* cpe:2.3:a:apache:tomcat:7.0.13:::::::* cpe:2.3:a:apache:tomcat:7.0.12:::::::* cpe:2.3:a:apache:tomcat:7.0.11:::::::* cpe:2.3:a:apache:tomcat:7.0.10:::::::* cpe:2.3:a:apache:tomcat:7.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.0:::::::* cpe:2.3:a:apache:tomcat:7.0.0:beta:::::: cpe:2.3:a:apache:tomcat:7.0:::::::* cpe:2.3:a:apache:tomcat:6.0.9:::::::* cpe:2.3:a:apache:tomcat:6.0.9:beta:::::: cpe:2.3:a:apache:tomcat:6.0.8:::::::* cpe:2.3:a:apache:tomcat:6.0.8:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.7:::::::* cpe:2.3:a:apache:tomcat:6.0.7:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.7:beta:::::: cpe:2.3:a:apache:tomcat:6.0.6:::::::* cpe:2.3:a:apache:tomcat:6.0.6:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.52:::::::* cpe:2.3:a:apache:tomcat:6.0.51:::::::* cpe:2.3:a:apache:tomcat:6.0.50:::::::* cpe:2.3:a:apache:tomcat:6.0.5:::::::* cpe:2.3:a:apache:tomcat:6.0.49:::::::* cpe:2.3:a:apache:tomcat:6.0.48:::::::* cpe:2.3:a:apache:tomcat:6.0.47:::::::* cpe:2.3:a:apache:tomcat:6.0.46:::::::* cpe:2.3:a:apache:tomcat:6.0.45:::::::* cpe:2.3:a:apache:tomcat:6.0.44:::::::* cpe:2.3:a:apache:tomcat:6.0.43:::::::* cpe:2.3:a:apache:tomcat:6.0.42:::::::* cpe:2.3:a:apache:tomcat:6.0.41:::::::* cpe:2.3:a:apache:tomcat:6.0.40:::::::* cpe:2.3:a:apache:tomcat:6.0.4:::::::* cpe:2.3:a:apache:tomcat:6.0.4:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.39:::::::* cpe:2.3:a:apache:tomcat:6.0.38:::::::* cpe:2.3:a:apache:tomcat:6.0.37:::::::* cpe:2.3:a:apache:tomcat:6.0.36:::::::* cpe:2.3:a:apache:tomcat:6.0.35:::::::* cpe:2.3:a:apache:tomcat:6.0.34:::::::* cpe:2.3:a:apache:tomcat:6.0.33:::::::* cpe:2.3:a:apache:tomcat:6.0.32:::::::* cpe:2.3:a:apache:tomcat:6.0.31:::::::* cpe:2.3:a:apache:tomcat:6.0.30:::::::* cpe:2.3:a:apache:tomcat:6.0.3:::::::* cpe:2.3:a:apache:tomcat:6.0.29:::::::* cpe:2.3:a:apache:tomcat:6.0.28:::::::* cpe:2.3:a:apache:tomcat:6.0.27:::::::* cpe:2.3:a:apache:tomcat:6.0.26:::::::* cpe:2.3:a:apache:tomcat:6.0.25:::::::* cpe:2.3:a:apache:tomcat:6.0.24:::::::* cpe:2.3:a:apache:tomcat:6.0.23:::::::* cpe:2.3:a:apache:tomcat:6.0.22:::::::* cpe:2.3:a:apache:tomcat:6.0.21:::::::* cpe:2.3:a:apache:tomcat:6.0.20:::::::* cpe:2.3:a:apache:tomcat:6.0.2:::::::* cpe:2.3:a:apache:tomcat:6.0.2:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.2:beta:::::: cpe:2.3:a:apache:tomcat:6.0.19:::::::* cpe:2.3:a:apache:tomcat:6.0.18:::::::* cpe:2.3:a:apache:tomcat:6.0.17:::::::* cpe:2.3:a:apache:tomcat:6.0.16:::::::* cpe:2.3:a:apache:tomcat:6.0.15:::::::* cpe:2.3:a:apache:tomcat:6.0.14:::::::* cpe:2.3:a:apache:tomcat:6.0.13:::::::* cpe:2.3:a:apache:tomcat:6.0.12:::::::* cpe:2.3:a:apache:tomcat:6.0.11:::::::* cpe:2.3:a:apache:tomcat:6.0.10:::::::* cpe:2.3:a:apache:tomcat:6.0.1:::::::* cpe:2.3:a:apache:tomcat:6.0.1:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.0:::::::* cpe:2.3:a:apache:tomcat:6.0.0:alpha:::::: cpe:2.3:a:apache:tomcat:6.0:::::::* cpe:2.3:a:apache:tomcat:6:::::::* cpe:2.3:a:apache:tomcat:5.5.9:::::::* cpe:2.3:a:apache:tomcat:5.5.8:::::::* cpe:2.3:a:apache:tomcat:5.5.7:::::::* cpe:2.3:a:apache:tomcat:5.5.6:::::::* cpe:2.3:a:apache:tomcat:5.5.5:::::::* cpe:2.3:a:apache:tomcat:5.5.4:::::::* cpe:2.3:a:apache:tomcat:5.5.35:::::::* cpe:2.3:a:apache:tomcat:5.5.34:::::::* cpe:2.3:a:apache:tomcat:5.5.33:::::::* cpe:2.3:a:apache:tomcat:5.5.32:::::::* cpe:2.3:a:apache:tomcat:5.5.31:::::::* cpe:2.3:a:apache:tomcat:5.5.30:::::::* cpe:2.3:a:apache:tomcat:5.5.3:::::::* cpe:2.3:a:apache:tomcat:5.5.29:::::::* cpe:2.3:a:apache:tomcat:5.5.28:::::::* cpe:2.3:a:apache:tomcat:5.5.27:::::::* cpe:2.3:a:apache:tomcat:5.5.26:::::::* cpe:2.3:a:apache:tomcat:5.5.25:::::::* cpe:2.3:a:apache:tomcat:5.5.24:::::::* cpe:2.3:a:apache:tomcat:5.5.23:::::::* cpe:2.3:a:apache:tomcat:5.5.22:::::::* cpe:2.3:a:apache:tomcat:5.5.21:::::::* cpe:2.3:a:apache:tomcat:5.5.20:::::::* cpe:2.3:a:apache:tomcat:5.5.2:::::::* cpe:2.3:a:apache:tomcat:5.5.19:::::::* cpe:2.3:a:apache:tomcat:5.5.18:::::::* cpe:2.3:a:apache:tomcat:5.5.17:::::::* cpe:2.3:a:apache:tomcat:5.5.16:::::::* cpe:2.3:a:apache:tomcat:5.5.15:::::::* cpe:2.3:a:apache:tomcat:5.5.14:::::::* cpe:2.3:a:apache:tomcat:5.5.13:::::::* cpe:2.3:a:apache:tomcat:5.5.12:::::::* cpe:2.3:a:apache:tomcat:5.5.11:::::::* cpe:2.3:a:apache:tomcat:5.5.10:::::::* cpe:2.3:a:apache:tomcat:5.5.1:::::::* cpe:2.3:a:apache:tomcat:5.5.0:::::::* cpe:2.3:a:apache:tomcat:5.0.9:::::::* cpe:2.3:a:apache:tomcat:5.0.8:::::::* cpe:2.3:a:apache:tomcat:5.0.7:::::::* cpe:2.3:a:apache:tomcat:5.0.6:::::::* cpe:2.3:a:apache:tomcat:5.0.5:::::::* cpe:2.3:a:apache:tomcat:5.0.4:::::::* cpe:2.3:a:apache:tomcat:5.0.30:::::::* cpe:2.3:a:apache:tomcat:5.0.3:::::::* cpe:2.3:a:apache:tomcat:5.0.29:::::::* cpe:2.3:a:apache:tomcat:5.0.28:::::::* cpe:2.3:a:apache:tomcat:5.0.27:::::::* cpe:2.3:a:apache:tomcat:5.0.26:::::::* cpe:2.3:a:apache:tomcat:5.0.25:::::::* cpe:2.3:a:apache:tomcat:5.0.24:::::::* cpe:2.3:a:apache:tomcat:5.0.23:::::::* cpe:2.3:a:apache:tomcat:5.0.22:::::::* cpe:2.3:a:apache:tomcat:5.0.21:::::::* cpe:2.3:a:apache:tomcat:5.0.2:::::::* cpe:2.3:a:apache:tomcat:5.0.19:::::::* cpe:2.3:a:apache:tomcat:5.0.18:::::::* cpe:2.3:a:apache:tomcat:5.0.17:::::::* cpe:2.3:a:apache:tomcat:5.0.16:::::::* cpe:2.3:a:apache:tomcat:5.0.15:::::::* cpe:2.3:a:apache:tomcat:5.0.14:::::::* cpe:2.3:a:apache:tomcat:5.0.13:::::::* cpe:2.3:a:apache:tomcat:5.0.12:::::::* cpe:2.3:a:apache:tomcat:5.0.11:::::::* cpe:2.3:a:apache:tomcat:5.0.10:::::::* cpe:2.3:a:apache:tomcat:5.0.1:::::::* cpe:2.3:a:apache:tomcat:5.0.0:::::::* cpe:2.3:a:apache:tomcat:5:::::::* cpe:2.3:a:apache:tomcat:4.1.9:beta:::::: cpe:2.3:a:apache:tomcat:4.1.9:::::::* cpe:2.3:a:apache:tomcat:4.1.8:::::::* cpe:2.3:a:apache:tomcat:4.1.7:::::::* cpe:2.3:a:apache:tomcat:4.1.6:::::::* cpe:2.3:a:apache:tomcat:4.1.5:::::::* cpe:2.3:a:apache:tomcat:4.1.40:::::::* cpe:2.3:a:apache:tomcat:4.1.4:::::::* cpe:2.3:a:apache:tomcat:4.1.39:::::::* cpe:2.3:a:apache:tomcat:4.1.38:::::::* cpe:2.3:a:apache:tomcat:4.1.37:::::::* cpe:2.3:a:apache:tomcat:4.1.36:::::::* cpe:2.3:a:apache:tomcat:4.1.35:::::::* cpe:2.3:a:apache:tomcat:4.1.34:::::::* cpe:2.3:a:apache:tomcat:4.1.33:::::::* cpe:2.3:a:apache:tomcat:4.1.32:::::::* cpe:2.3:a:apache:tomcat:4.1.31:::::::* cpe:2.3:a:apache:tomcat:4.1.30:::::::* cpe:2.3:a:apache:tomcat:4.1.3:::::::* cpe:2.3:a:apache:tomcat:4.1.3:beta:::::: cpe:2.3:a:apache:tomcat:4.1.29:::::::* cpe:2.3:a:apache:tomcat:4.1.29:alpha:::::: cpe:2.3:a:apache:tomcat:4.1.28:::::::* cpe:2.3:a:apache:tomcat:4.1.28:alpha:::::: cpe:2.3:a:apache:tomcat:4.1.27:::::::* cpe:2.3:a:apache:tomcat:4.1.26:::::::* cpe:2.3:a:apache:tomcat:4.1.25:::::::* cpe:2.3:a:apache:tomcat:4.1.24:::::::* cpe:2.3:a:apache:tomcat:4.1.23:::::::* cpe:2.3:a:apache:tomcat:4.1.22:::::::* cpe:2.3:a:apache:tomcat:4.1.21:::::::* cpe:2.3:a:apache:tomcat:4.1.20:::::::* cpe:2.3:a:apache:tomcat:4.1.2:::::::* cpe:2.3:a:apache:tomcat:4.1.19:::::::* cpe:2.3:a:apache:tomcat:4.1.18:::::::* cpe:2.3:a:apache:tomcat:4.1.17:::::::* cpe:2.3:a:apache:tomcat:4.1.16:::::::* cpe:2.3:a:apache:tomcat:4.1.15:::::::* cpe:2.3:a:apache:tomcat:4.1.14:::::::* cpe:2.3:a:apache:tomcat:4.1.13:::::::* cpe:2.3:a:apache:tomcat:4.1.12:::::::* cpe:2.3:a:apache:tomcat:4.1.11:::::::* cpe:2.3:a:apache:tomcat:4.1.10:::::::* cpe:2.3:a:apache:tomcat:4.1.1:::::::* cpe:2.3:a:apache:tomcat:4.1.0:::::::* cpe:2.3:a:apache:tomcat:4.0.6:::::::* cpe:2.3:a:apache:tomcat:4.0.5:::::::* cpe:2.3:a:apache:tomcat:4.0.4:::::::* cpe:2.3:a:apache:tomcat:4.0.3:::::::* cpe:2.3:a:apache:tomcat:4.0.2:::::::* cpe:2.3:a:apache:tomcat:4.0.1:::::::* cpe:2.3:a:apache:tomcat:4.0.0:::::::* cpe:2.3:a:apache:tomcat:4:::::::* cpe:2.3:a:apache:tomcat:3.3.2:::::::* cpe:2.3:a:apache:tomcat:3.3.1a:::::::* cpe:2.3:a:apache:tomcat:3.3.1:::::::* cpe:2.3:a:apache:tomcat:3.3:::::::* cpe:2.3:a:apache:tomcat:3.2.4:::::::* cpe:2.3:a:apache:tomcat:3.2.3:::::::* cpe:2.3:a:apache:tomcat:3.2.2:::::::* cpe:2.3:a:apache:tomcat:3.2.2:beta2:::::: cpe:2.3:a:apache:tomcat:3.2.1:::::::* cpe:2.3:a:apache:tomcat:3.2:::::::* cpe:2.3:a:apache:tomcat:3.1.1:::::::* cpe:2.3:a:apache:tomcat:3.1:::::::* cpe:2.3:a:apache:tomcat:3.0:::::::* cpe:2.3:a:apache:tomcat:1.1.3:::::::* cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:apache:tomcat:-:::::::*	276
Application	Oracle Virtualization cpe:2.3:a:oracle:virtualization:5.1:::::::* cpe:2.3:a:oracle:virtualization:4.71:::::::* cpe:2.3:a:oracle:virtualization:4.63:::::::*	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:7.0:::::::*	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-07-16	IAVM : 2015-A-0160 - Multiple Vulnerabilities in Oracle Linux and Virtualization Severity : Category I - VMSKEY : V0061123
2015-06-25	IAVM : 2015-B-0083 - Multiple Vulnerabilities in IBM Storwize V7000 Unified Severity : Category I - VMSKEY : V0060983
2015-05-21	IAVM : 2015-B-0065 - Apache Tomcat Security Bypass Vulnerability Severity : Category I - VMSKEY : V0060761
2014-05-29	IAVM : 2014-B-0063 - Multiple Vulnerabilities in Apache Tomcat Severity : Category I - VMSKEY : V0051613

Snort® IPS/IDS

Date	Description
2020-01-16	Apache Tomcat chunked transfer encoding denial of service attempt RuleID : 52471 - Revision : 1 - Type : SERVER-APACHE
2014-11-16	http POST request smuggling attempt RuleID : 31213 - Revision : 2 - Type : INDICATOR-COMPROMISE
2014-11-16	http GET request smuggling attempt RuleID : 31212 - Revision : 2 - Type : INDICATOR-COMPROMISE

Nessus® Vulnerability Scanner

Date	Description
2017-05-01	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2016-1049.nasl - Type : ACT_GATHER_INFO
2016-11-28	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-2599.nasl - Type : ACT_GATHER_INFO
2016-10-12	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20161010_tomcat_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-10-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-2046.nasl - Type : ACT_GATHER_INFO
2016-10-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-2046.nasl - Type : ACT_GATHER_INFO
2016-10-11	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-2046.nasl - Type : ACT_GATHER_INFO
2016-05-24	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17123.nasl - Type : ACT_GATHER_INFO
2016-05-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0597.nasl - Type : ACT_GATHER_INFO
2016-04-07	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0598.nasl - Type : ACT_GATHER_INFO
2016-04-07	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0595.nasl - Type : ACT_GATHER_INFO
2016-04-07	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0596.nasl - Type : ACT_GATHER_INFO
2016-03-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3530.nasl - Type : ACT_GATHER_INFO
2016-03-24	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160323_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-03-24	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0492.nasl - Type : ACT_GATHER_INFO
2016-03-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0492.nasl - Type : ACT_GATHER_INFO
2016-03-23	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0492.nasl - Type : ACT_GATHER_INFO
2016-03-11	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-656.nasl - Type : ACT_GATHER_INFO
2016-03-11	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-657.nasl - Type : ACT_GATHER_INFO
2016-03-11	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-658.nasl - Type : ACT_GATHER_INFO
2016-01-19	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3447.nasl - Type : ACT_GATHER_INFO
2015-12-21	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3428.nasl - Type : ACT_GATHER_INFO
2015-12-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2660.nasl - Type : ACT_GATHER_INFO
2015-12-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2659.nasl - Type : ACT_GATHER_INFO
2015-09-16	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16344.nasl - Type : ACT_GATHER_INFO
2015-08-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1622.nasl - Type : ACT_GATHER_INFO
2015-07-16	Name : The application installed on the remote host is affected by multiple vulnerab... File : oracle_secure_global_desktop_jul_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-06-26	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2655-1.nasl - Type : ACT_GATHER_INFO
2015-06-26	Name : The remote IBM Storwize device is affected by multiple vulnerabilities. File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO
2015-06-26	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2654-1.nasl - Type : ACT_GATHER_INFO
2015-06-16	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_25e0593d13c011e59afb3c970e169bc2.nasl - Type : ACT_GATHER_INFO
2015-05-29	Name : The remote Debian host is missing a security update. File : debian_DLA-232.nasl - Type : ACT_GATHER_INFO
2015-05-21	Name : The remote Apache Tomcat server is affected by a security bypass vulnerability. File : tomcat_8_0_17.nasl - Type : ACT_GATHER_INFO
2015-05-21	Name : The remote Apache Tomcat server is affected by a security bypass vulnerability. File : tomcat_7_0_59.nasl - Type : ACT_GATHER_INFO
2015-05-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-527.nasl - Type : ACT_GATHER_INFO
2015-05-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-526.nasl - Type : ACT_GATHER_INFO
2015-05-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-525.nasl - Type : ACT_GATHER_INFO
2015-05-15	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_44.nasl - Type : ACT_GATHER_INFO
2015-05-14	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150512_tomcat_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-05-14	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150512_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-05-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0991.nasl - Type : ACT_GATHER_INFO
2015-05-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0983.nasl - Type : ACT_GATHER_INFO
2015-05-13	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0991.nasl - Type : ACT_GATHER_INFO
2015-05-13	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0983.nasl - Type : ACT_GATHER_INFO
2015-05-13	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0991.nasl - Type : ACT_GATHER_INFO
2015-05-13	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0983.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-084.nasl - Type : ACT_GATHER_INFO
2015-03-19	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-052.nasl - Type : ACT_GATHER_INFO
2015-03-19	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-053.nasl - Type : ACT_GATHER_INFO
2015-03-01	Name : The remote Apache Tomcat server is affected by multiple denial of service vul... File : tomcat_8_0_9.nasl - Type : ACT_GATHER_INFO
2015-03-01	Name : The remote Apache Tomcat server is affected by a denial of service vulnerabil... File : tomcat_6_0_42.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote Fedora host is missing a security update. File : fedora_2015-2109.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140715.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15432.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15426.nasl - Type : ACT_GATHER_INFO
2014-09-02	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_55.nasl - Type : ACT_GATHER_INFO
2014-08-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1088.nasl - Type : ACT_GATHER_INFO
2014-08-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1087.nasl - Type : ACT_GATHER_INFO
2014-08-14	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-201407-140706.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1020.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1019.nasl - Type : ACT_GATHER_INFO
2014-07-31	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2302-1.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0827.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0827.nasl - Type : ACT_GATHER_INFO
2014-07-24	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_81fc1076128611e4bebd000c2980a9f3.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140709_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0843.nasl - Type : ACT_GATHER_INFO
2014-07-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0835.nasl - Type : ACT_GATHER_INFO
2014-07-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0834.nasl - Type : ACT_GATHER_INFO
2014-05-30	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_5.nasl - Type : ACT_GATHER_INFO
2014-05-30	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_53.nasl - Type : ACT_GATHER_INFO
2014-05-30	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_41.nasl - Type : ACT_GATHER_INFO
2013-05-15	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_40.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-01-20 13:24:06	Multiple Updates
2016-01-17 17:20:42	First insertion

Global Informations

Type	Count
CWE ID(s)	6
Oval ID(s)	10
CPE ID(s)	280
IAVM(s)	4
Snort® Rule(s)	3
Nessus® Exploit(s)	76

	Related
7.8	CVE-2014-0230
6.8	CVE-2013-4444
6.4	CVE-2014-0227
5	CVE-2014-7810
5	CVE-2014-0075
4.3	CVE-2014-0099
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)