Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 239312 Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10
Informations
Name SUN-239312 First vendor Publication 2008-06-30
Vendor Sun Last vendor Modification 2008-09-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 9 Operating System Solaris 10 Operating System
There are several vulnerabilities in the Tomcat JSP/Servlet container
which affect Tomcat 4.0 bundled in Solaris 10 and Solaris 9.

These issues may allow a remote or local unprivileged user to cause
a denial of service (DoS), inject arbitrary web script or HTML via
Cross-Site Scripting (XSS) attempts, read arbitrary files and
source code from the server, or obtain the installation path and
other sensitive information.

Additional information regarding these issues is available at:

?????? * Apache Tomcat 4.x vulnerabilities:
http://tomcat.apache.org/security-4.html

?????? * CVE-2002-1148 at:
http://www.security-database.com/detail.php?cve=CVE-2002-1148

?????? * CVE-2002-1394 at:
http://www.security-database.com/detail.php?cve=CVE-2002-1394

?????? * CVE-2002-2006 at:
http://www.security-database.com/detail.php?cve=CVE-2002-2006

?????? * CVE-2003-0866 at:
http://www.security-database.com/detail.php?cve=CVE-2003-0866

?????? * CVE-2005-2090 at:
http://www.security-database.com/detail.php?cve=CVE-2005-2090

?????? * CVE-2005-3164 at:
http://www.security-database.com/detail.php?cve=CVE-2005-3164

?????? * CVE-2005-3510 at:
http://www.security-database.com/detail.php?cve=CVE-2005-3510

?????? * CVE-2006-3835 at:
http://www.security-database.com/detail.php?cve=CVE-2006-3835

?????? * CVE-2007-0450 at:
http://www.security-database.com/detail.php?cve=CVE-2007-0450

?????? * CVE-2007-1355 at:
http://www.security-database.com/detail.php?cve=CVE-2007-1355

?????? * CVE-2007-1358 at:
http://www.security-database.com/detail.php?cve=CVE-2007-1358

?????? * CVE-2007-2450 at:
http://www.security-database.com/detail.php?cve=CVE-2007-2450

?????? * CVE-2007-5461 at:
http://www.security-database.com/detail.php?cve=CVE-2007-5461

State: Resolved
First released: 30-Jun-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_239312_security_vulnerabilities

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-33 HTTP Request Smuggling
CAPEC-105 HTTP Request Splitting

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
40 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
20 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10499
 
Oval ID: oval:org.mitre.oval:def:10499
Title: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Description: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Family: unix Class: vulnerability
Reference(s): CVE-2005-2090
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10643
 
Oval ID: oval:org.mitre.oval:def:10643
Title: Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Description: Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0450
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10679
 
Oval ID: oval:org.mitre.oval:def:10679
Title: Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Description: Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Family: unix Class: vulnerability
Reference(s): CVE-2007-1358
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11287
 
Oval ID: oval:org.mitre.oval:def:11287
Title: Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
Description: Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2450
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18430
 
Oval ID: oval:org.mitre.oval:def:18430
Title: DSA-1453-1 tomcat5 - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Family: unix Class: patch
Reference(s): DSA-1453-1
CVE-2007-3382
CVE-2007-3385
CVE-2007-5461
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18716
 
Oval ID: oval:org.mitre.oval:def:18716
Title: DSA-1447-1 tomcat5.5 several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Family: unix Class: patch
Reference(s): DSA-1447-1
CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
CVE-2007-5342
CVE-2007-5461
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20358
 
Oval ID: oval:org.mitre.oval:def:20358
Title: DSA-1468-1 tomcat5.5
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Family: unix Class: patch
Reference(s): DSA-1468-1
CVE-2008-0128
CVE-2007-2450
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22631
 
Oval ID: oval:org.mitre.oval:def:22631
Title: ELSA-2007:0327: tomcat security update (Important)
Description: Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Family: unix Class: patch
Reference(s): ELSA-2007:0327-01
CVE-2005-2090
CVE-2006-7195
CVE-2007-1358
CVE-2007-0450
Version: 21
Platform(s): Oracle Linux 5
Product(s): tomcat5
jakarta-commons-modeler
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22687
 
Oval ID: oval:org.mitre.oval:def:22687
Title: ELSA-2007:0569: tomcat security update (Moderate)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
Family: unix Class: patch
Reference(s): ELSA-2007:0569-01
CVE-2007-2449
CVE-2007-2450
Version: 13
Platform(s): Oracle Linux 5
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6111
 
Oval ID: oval:org.mitre.oval:def:6111
Title: HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
Description: Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1355
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7601
 
Oval ID: oval:org.mitre.oval:def:7601
Title: DSA-1468 tomcat5.5 -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure. It was discovered that the Manager and Host Manager web applications performed insufficient input sanitising, which could lead to cross site scripting. This update also adapts the tomcat5.5-webapps package to the tightened JULI permissions introduced in the previous tomcat5.5 DSA. However, it should be noted, that the tomcat5.5-webapps is for demonstration and documentation purposes only and should not be used for production systems. The old stable distribution (sarge) doesn't contain tomcat5.5.
Family: unix Class: patch
Reference(s): DSA-1468
CVE-2008-0128
CVE-2007-2450
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7988
 
Oval ID: oval:org.mitre.oval:def:7988
Title: DSA-1453 tomcat5 -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5. For the stable distribution (etch), these problems have been fixed in version 5.0.30-12etch1. The unstable distribution (sid) no longer contains tomcat5. We recommend that you upgrade your tomcat5 packages.
Family: unix Class: patch
Reference(s): DSA-1453
CVE-2007-3382
CVE-2007-3385
CVE-2007-5461
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7989
 
Oval ID: oval:org.mitre.oval:def:7989
Title: DSA-1447 tomcat5.5 -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the host manager servlet performed insufficient input validation, which could lead to a cross-site scripting attack. It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5.5. For the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your tomcat5.5 packages.
Family: unix Class: patch
Reference(s): DSA-1447
CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
CVE-2007-5342
CVE-2007-5461
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): tomcat5.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9202
 
Oval ID: oval:org.mitre.oval:def:9202
Title: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Description: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5461
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 162
Application 3
Application 4

ExploitDB Exploits

id Description
2009-11-07 ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-05-12 Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2009-10-13 Name : SLES10: Security update for Tomcat 5
File : nvt/sles10_tomcat5.nasl
2009-10-13 Name : SLES10: Security update for Websphere Community Edition
File : nvt/sles10_websphere-as_ce0.nasl
2009-10-10 Name : SLES9: Security update for Tomcat
File : nvt/sles9p5042180.nasl
2009-10-10 Name : SLES9: Security update for Tomcat
File : nvt/sles9p5021793.nasl
2009-10-10 Name : SLES9: Security update for jakarta-tomcat
File : nvt/sles9p5012618.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX02262
File : nvt/gb_hp_ux_HPSBUX02262.nasl
2009-04-09 Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)
File : nvt/gb_mandriva_MDKSA_2007_241.nasl
2009-03-06 Name : RedHat Update for tomcat RHSA-2008:0042-01
File : nvt/gb_RHSA-2008_0042-01_tomcat.nasl
2009-02-27 Name : Fedora Update for tomcat5 FEDORA-2007-3456
File : nvt/gb_fedora_2007_3456_tomcat5_fc7.nasl
2009-02-27 Name : Fedora Update for tomcat5 FEDORA-2007-3474
File : nvt/gb_fedora_2007_3474_tomcat5_fc8.nasl
2009-02-18 Name : SuSE Security Summary SUSE-SR:2009:004
File : nvt/suse_sr_2009_004.nasl
2009-02-17 Name : Fedora Update for tomcat5 FEDORA-2008-8130
File : nvt/gb_fedora_2008_8130_tomcat5_fc8.nasl
2009-02-16 Name : Fedora Update for tomcat5 FEDORA-2008-1467
File : nvt/gb_fedora_2008_1467_tomcat5_fc7.nasl
2009-02-16 Name : Fedora Update for tomcat5 FEDORA-2008-1603
File : nvt/gb_fedora_2008_1603_tomcat5_fc8.nasl
2009-02-02 Name : Ubuntu USN-712-1 (vim)
File : nvt/ubuntu_712_1.nasl
2009-02-02 Name : Ubuntu USN-710-1 (xine-lib)
File : nvt/ubuntu_710_1.nasl
2009-02-02 Name : Ubuntu USN-711-1 (ktorrent)
File : nvt/ubuntu_711_1.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-10 (tomcat)
File : nvt/glsa_200804_10.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-03 (tomcat)
File : nvt/glsa_200705_03.nasl
2008-09-04 Name : FreeBSD Ports: apache-tomcat
File : nvt/freebsd_apache-tomcat0.nasl
2008-09-04 Name : FreeBSD Ports: apache-tomcat
File : nvt/freebsd_apache-tomcat.nasl
2008-01-31 Name : Debian Security Advisory DSA 1468-1 (tomcat5.5)
File : nvt/deb_1468_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 395-1 (tomcat4)
File : nvt/deb_395_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 225-1 (tomcat4)
File : nvt/deb_225_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1453-1 (tomcat5)
File : nvt/deb_1453_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1447-1 (tomcat5.5)
File : nvt/deb_1447_1.nasl
2005-11-03 Name : Tomcat 4.x JSP Source Exposure
File : nvt/tomcat_source_exposure.nasl
2005-11-03 Name : Apache Tomcat TroubleShooter Servlet Installed
File : nvt/apache_Tomcat_TroubleShooter.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
43452 Apache Tomcat HTTP Request Smuggling

38187 Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access

36079 Apache Tomcat Manager Uploaded Filename XSS

Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the Manager and Host Manager applications do not validate the filename of files uploaded via the /manager/html/upload utility. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
34881 Apache Tomcat Malformed Accept-Language Header XSS

Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the server does not validate user-supplied Accept-Language headers. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
34875 Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS

34769 Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access

Apache Tomcat when configured to use the Proxy module contains a flaw that may allow a remote attacker to gain access to privileged information. The issue is due to the server not properly sanitizing user requested URIs containing crafted sequences with combinations of the "/" (slash), "\" (backslash) and a URL-encoded backslash (%5C) characters. This may allow an attacker to use a URI with a crafted traversal sequence and access arbitrary files.
32723 Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing

Apache Tomcat contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a crafted file request containing a semicolon (;) before the file name, which will result in the server displaying the contents of the directory. This may disclose sensitive files, unpublished content or back up files.
20439 Apache Tomcat Directory Listing Saturation DoS

Apache Tomcat contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker makes multiple concurrent requests for a directory listing that contain a large number of files. With a large number of requests, an attacker can cause the server to stop processing subsequent requests.
19821 Apache Tomcat Malformed Post Request Information Disclosure

Apache Tomcat contains a flaw that may allow an attacker to gain access to privileged information. The issue occurs when a client specifies a Content-Length but disconnects before sending the request body. This is handled by the deprecated AJP connector by processing the request using the request body of the previous request. This may cause the server to return sensitive information.
9705 Apache Tomcat Invoker/Default Servlet Source Disclosure

9695 Apache Tomcat SnoopServlet Servlet Information Disclosure

Apache Tomcat contains a sample servlet that discloses sensitive information. The SnoopServlet example servlet (/examples/jsp/snp/snoop.jsp) is used to demonstrate functionality of the application server. This servlet discloses operating system information and the full path to the installation directory. An attacker could use this information to launch targeted attacks against the affected system.
8773 Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Cod...

Apache Tomcat contains a flaw that may allow a remote attacker to gain access to file source code. The issue is due to the default servlet (org.apache.catalina.servlets.DefaultServlet) allowing requests directly to it, which will allow an attacker to view the source code for server files.
8772 Apache Tomcat Catalina org.apache.catalina.connector.http DoS

Apache Tomcat contains a flaw that may allow a remote attacker to cause a denial of service. The issue occurs when a series of malformed HTTP requests are sent that cause the request processing thread to become unresponsive until the server is restarted by an administrator.
849 Apache Tomcat TroubleShooter Servlet Information Disclosure

The Tomcat Java application server contains a sample servlet that discloses sensitive information. The TroubleShooter example servlet is used to demonstrate functionality of the application server. This servlet discloses operating system information and the full path to the installation directory. An attacker could use this information to launch targeted attacks against the affected system.

Snort® IPS/IDS

Date Description
2014-01-10 Apache Tomcat SnoopServlet servlet access
RuleID : 1830-community - Revision : 15 - Type : SERVER-APACHE
2014-01-10 Apache Tomcat SnoopServlet servlet access
RuleID : 1830 - Revision : 15 - Type : SERVER-APACHE
2014-01-10 Apache Tomcat TroubleShooter servlet access
RuleID : 1829-community - Revision : 15 - Type : SERVER-APACHE
2014-01-10 Apache Tomcat TroubleShooter servlet access
RuleID : 1829 - Revision : 15 - Type : SERVER-APACHE
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17502 - Revision : 8 - Type : SERVER-APACHE
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17501 - Revision : 8 - Type : SERVER-APACHE
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17500 - Revision : 7 - Type : SERVER-APACHE
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17499 - Revision : 7 - Type : SERVER-APACHE
2014-01-10 Apache Tomcat UNIX platform directory traversal
RuleID : 17498 - Revision : 8 - Type : SERVER-APACHE
2014-01-10 Multiple products UNIX platform backslash directory traversal attempt
RuleID : 17391 - Revision : 16 - Type : SERVER-OTHER
2014-01-10 Apache Tomcat WebDAV system tag remote file disclosure attempt
RuleID : 12711 - Revision : 6 - Type : SERVER-APACHE

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO
2014-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO
2014-04-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0344.nasl - Type : ACT_GATHER_INFO
2014-04-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0343.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_39.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0042.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0569.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0327.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0151.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0213.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070717_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080311_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-11-18 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_13.nasl - Type : ACT_GATHER_INFO
2011-11-18 Name : The remote web server is affected by an HTTP request smuggling vulnerability.
File : tomcat_5_5_23.nasl - Type : ACT_GATHER_INFO
2011-11-18 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_4_1_36.nasl - Type : ACT_GATHER_INFO
2010-12-07 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_5_5_25.nasl - Type : ACT_GATHER_INFO
2010-11-04 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_4_1_0.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_5_5_26.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_16.nasl - Type : ACT_GATHER_INFO
2010-06-16 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_4_1_32.nasl - Type : ACT_GATHER_INFO
2010-06-16 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_4_1_37.nasl - Type : ACT_GATHER_INFO
2010-06-11 Name : The remote web server is affected by multiple vulnerabilities.
File : tomcat_5_5_21.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1069.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO
2010-01-04 Name : The remote web server is affected by a directory traversal vulnerability.
File : tomcat_proxy_directory_traversal.nasl - Type : ACT_ATTACK
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_websphere-as_ce-5850.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-5955.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12343.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12078.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO
2009-06-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-241.nasl - Type : ACT_GATHER_INFO
2008-10-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-09-17 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8130.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO
2008-04-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-10.nasl - Type : ACT_GATHER_INFO
2008-03-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO
2008-02-29 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_jk-4992.nasl - Type : ACT_GATHER_INFO
2008-02-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-4990.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1603.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1467.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1468.nasl - Type : ACT_GATHER_INFO
2008-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1453.nasl - Type : ACT_GATHER_INFO
2008-01-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1447.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_tomcat5-3951.nasl - Type : ACT_GATHER_INFO
2007-11-20 Name : The remote Fedora host is missing a security update.
File : fedora_2007-3474.nasl - Type : ACT_GATHER_INFO
2007-11-20 Name : The remote Fedora host is missing a security update.
File : fedora_2007-3456.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_tomcat5-3950.nasl - Type : ACT_GATHER_INFO
2007-08-02 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO
2007-07-27 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ab2575d639f011dcb8cc000fea449b8a.nasl - Type : ACT_GATHER_INFO
2007-07-27 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_872623af39ec11dcb8cc000fea449b8a.nasl - Type : ACT_GATHER_INFO
2007-07-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0569.nasl - Type : ACT_GATHER_INFO
2007-07-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0569.nasl - Type : ACT_GATHER_INFO
2007-05-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO
2007-05-21 Name : The remote web server contains a JSP application that is affected by a cross-...
File : tomcat_sample_hello_xss.nasl - Type : ACT_ATTACK
2007-05-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO
2007-05-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-03.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-170.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-225.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-395.nasl - Type : ACT_GATHER_INFO
2002-11-28 Name : The remote web server is affected by an information disclosure vulnerability.
File : tomcat_source_exposure.nasl - Type : ACT_GATHER_INFO
2002-07-15 Name : The remote web server is affected by a path disclosure issue.
File : apache_Tomcat_TroubleShooter.nasl - Type : ACT_GATHER_INFO