Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2011:030 | First vendor Publication | 2011-02-18 |
Vendor | Mandriva | Last vendor Modification | 2011-02-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities has been found and corrected in tomcat5: When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContect attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments (CVE-2010-3718). The HTML Manager interface displayed web applciation provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administartive user when viewing the manager pages (CVE-2011-0013). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:030 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13969 | |||
Oval ID: | oval:org.mitre.oval:def:13969 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3718 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14945 | |||
Oval ID: | oval:org.mitre.oval:def:14945 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0013 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19269 | |||
Oval ID: | oval:org.mitre.oval:def:19269 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0013 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19379 | |||
Oval ID: | oval:org.mitre.oval:def:19379 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3718 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23523 | |||
Oval ID: | oval:org.mitre.oval:def:23523 | ||
Title: | ELSA-2011:0791: tomcat6 security and bug fix update (Moderate) | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0791-01 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28146 | |||
Oval ID: | oval:org.mitre.oval:def:28146 | ||
Title: | DEPRECATED: ELSA-2011-0791 -- tomcat6 security and bug fix update (moderate) | ||
Description: | [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolves: rhbz#656403, rhbz#675926, rhbz#676011 - CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476, - CVE-2011-0534 [6.0.24-28] - Resovles rhbz#695284 - wrapper logs to different locations - CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out - until needed. [6.0.24-27] - naming-factory-dbcp missing fix in tomcat6.conf - Add Obsoletes for log4j [6.0.24-26] - Add log4j to package lib. Corrected typo in log4 Provides - epock versus epoch [6.0.24-25] - Installed permissions do not allow tomcat to start - incrementing NVR so yum won't get confused with the zstream | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0791 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | tomcat6 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for tomcat6 RHSA-2011:0791-01 File : nvt/gb_RHSA-2011_0791-01_tomcat6.nasl |
2011-12-23 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl |
2011-12-23 | Name : RedHat Update for tomcat5 RHSA-2011:1845-01 File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13457 File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
2011-04-01 | Name : Ubuntu Update for tomcat6 vulnerabilities USN-1097-1 File : nvt/gb_ubuntu_USN_1097_1.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2160-1 (tomcat6) File : nvt/deb_2160_1.nasl |
2011-03-05 | Name : FreeBSD Ports: tomcat55 File : nvt/freebsd_tomcat55.nasl |
2011-02-22 | Name : Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_030.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71558 | Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary Fi... Apache Tomcat contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the 'SecurityManager' not properly making the 'ServletContext' attribute read-only, allowing for directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to manipulate arbitrary files. |
71557 | Apache Tomcat HTML Manager Multiple XSS The HTML Manager Interface in Apache Tomcat contains multiple flaws that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the display-name tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110211.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0791.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_tomcat6-110211.nasl - Type : ACT_GATHER_INFO |
2011-03-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1097-1.nasl - Type : ACT_GATHER_INFO |
2011-03-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12687.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7337.nasl - Type : ACT_GATHER_INFO |
2011-02-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-030.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_553ec4ed38d611e094b1000c29ba66d2.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_30.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_7_0_6.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2160.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote web server is affected by a cross-site scripting vulnerability. File : tomcat_5_5_32.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote web server is affected by a security bypass vulnerability. File : tomcat_7_0_4.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_transfer_encoding.nasl - Type : ACT_ATTACK |
Alert History
Date | Informations |
---|---|
2014-02-17 11:42:04 |
|