Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Sun Alert 239312 Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10 |
| Informations | |||
|---|---|---|---|
| Name | SUN-239312 | First vendor Publication | 2008-06-30 |
| Vendor | Sun | Last vendor Modification | 2008-09-05 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Solaris 9 Operating System Solaris 10 Operating System There are several vulnerabilities in the Tomcat JSP/Servlet containerwhich affect Tomcat 4.0 bundled in Solaris 10 and Solaris 9. These issues may allow a remote or local unprivileged user to cause a denial of service (DoS), inject arbitrary web script or HTML via Cross-Site Scripting (XSS) attempts, read arbitrary files and source code from the server, or obtain the installation path and other sensitive information. Additional information regarding these issues is available at: ?????? * Apache Tomcat 4.x vulnerabilities: State: Resolved First released: 30-Jun-2008 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_239312_security_vulnerabilities |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-33 | HTTP Request Smuggling |
| CAPEC-105 | HTTP Request Splitting |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 40 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 40 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 20 % | CWE-200 | Information Exposure |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10499 | |||
| Oval ID: | oval:org.mitre.oval:def:10499 | ||
| Title: | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
| Description: | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-2090 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10643 | |||
| Oval ID: | oval:org.mitre.oval:def:10643 | ||
| Title: | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | ||
| Description: | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-0450 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11287 | |||
| Oval ID: | oval:org.mitre.oval:def:11287 | ||
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-2450 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18430 | |||
| Oval ID: | oval:org.mitre.oval:def:18430 | ||
| Title: | DSA-1453-1 tomcat5 - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1453-1 CVE-2007-3382 CVE-2007-3385 CVE-2007-5461 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18716 | |||
| Oval ID: | oval:org.mitre.oval:def:18716 | ||
| Title: | DSA-1447-1 tomcat5.5 several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1447-1 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20358 | |||
| Oval ID: | oval:org.mitre.oval:def:20358 | ||
| Title: | DSA-1468-1 tomcat5.5 | ||
| Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1468-1 CVE-2008-0128 CVE-2007-2450 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6111 | |||
| Oval ID: | oval:org.mitre.oval:def:6111 | ||
| Title: | HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-1355 | Version: | 9 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7601 | |||
| Oval ID: | oval:org.mitre.oval:def:7601 | ||
| Title: | DSA-1468 tomcat5.5 -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in information disclosure. It was discovered that the Manager and Host Manager web applications performed insufficient input sanitising, which could lead to cross site scripting. This update also adapts the tomcat5.5-webapps package to the tightened JULI permissions introduced in the previous tomcat5.5 DSA. However, it should be noted, that the tomcat5.5-webapps is for demonstration and documentation purposes only and should not be used for production systems. The old stable distribution (sarge) doesn't contain tomcat5.5. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1468 CVE-2008-0128 CVE-2007-2450 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7988 | |||
| Oval ID: | oval:org.mitre.oval:def:7988 | ||
| Title: | DSA-1453 tomcat5 -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5. For the stable distribution (etch), these problems have been fixed in version 5.0.30-12etch1. The unstable distribution (sid) no longer contains tomcat5. We recommend that you upgrade your tomcat5 packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1453 CVE-2007-3382 CVE-2007-3385 CVE-2007-5461 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7989 | |||
| Oval ID: | oval:org.mitre.oval:def:7989 | ||
| Title: | DSA-1447 tomcat5.5 -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It was discovered that the character sequence \' in cookies was handled incorrectly, which could lead to an information leak. It was discovered that the host manager servlet performed insufficient input validation, which could lead to a cross-site scripting attack. It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites. It was discovered that the WebDAV servlet is vulnerable to absolute path traversal. The old stable distribution (sarge) doesn't contain tomcat5.5. For the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your tomcat5.5 packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1447 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | tomcat5.5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9202 | |||
| Oval ID: | oval:org.mitre.oval:def:9202 | ||
| Title: | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. | ||
| Description: | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-5461 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2009-11-07 | ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-12 | Name : Mac OS X Security Update 2008-007 File : nvt/macosx_secupd_2008-007.nasl |
| 2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
| 2009-10-13 | Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat5.nasl |
| 2009-10-13 | Name : SLES10: Security update for Websphere Community Edition File : nvt/sles10_websphere-as_ce0.nasl |
| 2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5042180.nasl |
| 2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5021793.nasl |
| 2009-10-10 | Name : SLES9: Security update for jakarta-tomcat File : nvt/sles9p5012618.nasl |
| 2009-05-05 | Name : HP-UX Update for Apache HPSBUX02262 File : nvt/gb_hp_ux_HPSBUX02262.nasl |
| 2009-04-09 | Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5) File : nvt/gb_mandriva_MDKSA_2007_241.nasl |
| 2009-03-06 | Name : RedHat Update for tomcat RHSA-2008:0042-01 File : nvt/gb_RHSA-2008_0042-01_tomcat.nasl |
| 2009-02-27 | Name : Fedora Update for tomcat5 FEDORA-2007-3456 File : nvt/gb_fedora_2007_3456_tomcat5_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for tomcat5 FEDORA-2007-3474 File : nvt/gb_fedora_2007_3474_tomcat5_fc8.nasl |
| 2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
| 2009-02-17 | Name : Fedora Update for tomcat5 FEDORA-2008-8130 File : nvt/gb_fedora_2008_8130_tomcat5_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for tomcat5 FEDORA-2008-1467 File : nvt/gb_fedora_2008_1467_tomcat5_fc7.nasl |
| 2009-02-16 | Name : Fedora Update for tomcat5 FEDORA-2008-1603 File : nvt/gb_fedora_2008_1603_tomcat5_fc8.nasl |
| 2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-10 (tomcat) File : nvt/glsa_200804_10.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-03 (tomcat) File : nvt/glsa_200705_03.nasl |
| 2008-09-04 | Name : FreeBSD Ports: apache-tomcat File : nvt/freebsd_apache-tomcat0.nasl |
| 2008-09-04 | Name : FreeBSD Ports: apache-tomcat File : nvt/freebsd_apache-tomcat.nasl |
| 2008-01-31 | Name : Debian Security Advisory DSA 1468-1 (tomcat5.5) File : nvt/deb_1468_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 395-1 (tomcat4) File : nvt/deb_395_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 225-1 (tomcat4) File : nvt/deb_225_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1453-1 (tomcat5) File : nvt/deb_1453_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1447-1 (tomcat5.5) File : nvt/deb_1447_1.nasl |
| 2005-11-03 | Name : Tomcat 4.x JSP Source Exposure File : nvt/tomcat_source_exposure.nasl |
| 2005-11-03 | Name : Apache Tomcat TroubleShooter Servlet Installed File : nvt/apache_Tomcat_TroubleShooter.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43452 | Apache Tomcat HTTP Request Smuggling |
| 38187 | Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access |
| 36079 | Apache Tomcat Manager Uploaded Filename XSS Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the Manager and Host Manager applications do not validate the filename of files uploaded via the /manager/html/upload utility. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 34881 | Apache Tomcat Malformed Accept-Language Header XSS Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the server does not validate user-supplied Accept-Language headers. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 34875 | Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS |
| 34769 | Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access Apache Tomcat when configured to use the Proxy module contains a flaw that may allow a remote attacker to gain access to privileged information. The issue is due to the server not properly sanitizing user requested URIs containing crafted sequences with combinations of the "/" (slash), "\" (backslash) and a URL-encoded backslash (%5C) characters. This may allow an attacker to use a URI with a crafted traversal sequence and access arbitrary files. |
| 32723 | Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing Apache Tomcat contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a crafted file request containing a semicolon (;) before the file name, which will result in the server displaying the contents of the directory. This may disclose sensitive files, unpublished content or back up files. |
| 20439 | Apache Tomcat Directory Listing Saturation DoS Apache Tomcat contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker makes multiple concurrent requests for a directory listing that contain a large number of files. With a large number of requests, an attacker can cause the server to stop processing subsequent requests. |
| 19821 | Apache Tomcat Malformed Post Request Information Disclosure Apache Tomcat contains a flaw that may allow an attacker to gain access to privileged information. The issue occurs when a client specifies a Content-Length but disconnects before sending the request body. This is handled by the deprecated AJP connector by processing the request using the request body of the previous request. This may cause the server to return sensitive information. |
| 9705 | Apache Tomcat Invoker/Default Servlet Source Disclosure |
| 9695 | Apache Tomcat SnoopServlet Servlet Information Disclosure Apache Tomcat contains a sample servlet that discloses sensitive information. The SnoopServlet example servlet (/examples/jsp/snp/snoop.jsp) is used to demonstrate functionality of the application server. This servlet discloses operating system information and the full path to the installation directory. An attacker could use this information to launch targeted attacks against the affected system. |
| 8773 | Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Cod... Apache Tomcat contains a flaw that may allow a remote attacker to gain access to file source code. The issue is due to the default servlet (org.apache.catalina.servlets.DefaultServlet) allowing requests directly to it, which will allow an attacker to view the source code for server files. |
| 8772 | Apache Tomcat Catalina org.apache.catalina.connector.http DoS Apache Tomcat contains a flaw that may allow a remote attacker to cause a denial of service. The issue occurs when a series of malformed HTTP requests are sent that cause the request processing thread to become unresponsive until the server is restarted by an administrator. |
| 849 | Apache Tomcat TroubleShooter Servlet Information Disclosure The Tomcat Java application server contains a sample servlet that discloses sensitive information. The TroubleShooter example servlet is used to demonstrate functionality of the application server. This servlet discloses operating system information and the full path to the installation directory. An attacker could use this information to launch targeted attacks against the affected system. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Apache Tomcat SnoopServlet servlet access RuleID : 1830-community - Revision : 15 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat SnoopServlet servlet access RuleID : 1830 - Revision : 15 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat TroubleShooter servlet access RuleID : 1829-community - Revision : 15 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat TroubleShooter servlet access RuleID : 1829 - Revision : 15 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17502 - Revision : 8 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17501 - Revision : 8 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17500 - Revision : 7 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17499 - Revision : 7 - Type : SERVER-APACHE |
| 2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17498 - Revision : 8 - Type : SERVER-APACHE |
| 2014-01-10 | Multiple products UNIX platform backslash directory traversal attempt RuleID : 17391 - Revision : 16 - Type : SERVER-OTHER |
| 2014-01-10 | Apache Tomcat WebDAV system tag remote file disclosure attempt RuleID : 12711 - Revision : 6 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
| 2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
| 2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0344.nasl - Type : ACT_GATHER_INFO |
| 2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0343.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_39.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0569.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0151.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0213.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070717_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080311_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2011-11-18 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_13.nasl - Type : ACT_GATHER_INFO |
| 2011-11-18 | Name : The remote web server is affected by an HTTP request smuggling vulnerability. File : tomcat_5_5_23.nasl - Type : ACT_GATHER_INFO |
| 2011-11-18 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_36.nasl - Type : ACT_GATHER_INFO |
| 2010-12-07 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_5_5_25.nasl - Type : ACT_GATHER_INFO |
| 2010-11-04 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_0.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_5_5_26.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_16.nasl - Type : ACT_GATHER_INFO |
| 2010-06-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_32.nasl - Type : ACT_GATHER_INFO |
| 2010-06-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_37.nasl - Type : ACT_GATHER_INFO |
| 2010-06-11 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_5_5_21.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1069.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
| 2010-01-04 | Name : The remote web server is affected by a directory traversal vulnerability. File : tomcat_proxy_directory_traversal.nasl - Type : ACT_ATTACK |
| 2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_websphere-as_ce-5850.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-5955.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12343.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12078.nasl - Type : ACT_GATHER_INFO |
| 2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO |
| 2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO |
| 2009-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-241.nasl - Type : ACT_GATHER_INFO |
| 2008-10-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO |
| 2008-09-17 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8130.nasl - Type : ACT_GATHER_INFO |
| 2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
| 2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
| 2008-04-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-10.nasl - Type : ACT_GATHER_INFO |
| 2008-03-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0042.nasl - Type : ACT_GATHER_INFO |
| 2008-02-29 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-4992.nasl - Type : ACT_GATHER_INFO |
| 2008-02-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-4990.nasl - Type : ACT_GATHER_INFO |
| 2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1603.nasl - Type : ACT_GATHER_INFO |
| 2008-02-14 | Name : The remote Fedora host is missing a security update. File : fedora_2008-1467.nasl - Type : ACT_GATHER_INFO |
| 2008-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1468.nasl - Type : ACT_GATHER_INFO |
| 2008-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1453.nasl - Type : ACT_GATHER_INFO |
| 2008-01-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1447.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-3951.nasl - Type : ACT_GATHER_INFO |
| 2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3474.nasl - Type : ACT_GATHER_INFO |
| 2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3456.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat5-3950.nasl - Type : ACT_GATHER_INFO |
| 2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
| 2007-07-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ab2575d639f011dcb8cc000fea449b8a.nasl - Type : ACT_GATHER_INFO |
| 2007-07-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_872623af39ec11dcb8cc000fea449b8a.nasl - Type : ACT_GATHER_INFO |
| 2007-07-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0569.nasl - Type : ACT_GATHER_INFO |
| 2007-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0569.nasl - Type : ACT_GATHER_INFO |
| 2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
| 2007-05-21 | Name : The remote web server contains a JSP application that is affected by a cross-... File : tomcat_sample_hello_xss.nasl - Type : ACT_ATTACK |
| 2007-05-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
| 2007-05-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-03.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-170.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-225.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-395.nasl - Type : ACT_GATHER_INFO |
| 2002-11-28 | Name : The remote web server is affected by an information disclosure vulnerability. File : tomcat_source_exposure.nasl - Type : ACT_GATHER_INFO |
| 2002-07-15 | Name : The remote web server is affected by a path disclosure issue. File : apache_Tomcat_TroubleShooter.nasl - Type : ACT_GATHER_INFO |
