6.4 - USN-3519-1

Executive Summary

Summary
Title	Tomcat vulnerabilities

Informations
Name	USN-3519-1	First vendor Publication	2018-01-08
Vendor	Ubuntu	Last vendor Modification	2018-01-08
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score	6.4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description: - tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. (CVE-2017-5647)

It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2017-5648)

It was discovered that Tomcat incorrectly handled error pages. A remote attacker could possibly use this issue to replace or remove the custom error page. (CVE-2017-5664)

It was discovered that Tomcat incorrectly handled the CORS filter. A remote attacker could possibly use this issue to perform cache poisoning. (CVE-2017-7674)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.04:
libtomcat8-java 8.0.38-2ubuntu2.2
tomcat8 8.0.38-2ubuntu2.2

Ubuntu 16.04 LTS:
libtomcat8-java 8.0.32-1ubuntu1.5
tomcat8 8.0.32-1ubuntu1.5

Ubuntu 14.04 LTS:
libtomcat7-java 7.0.52-1ubuntu0.13
tomcat7 7.0.52-1ubuntu0.13

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3519-1
CVE-2017-5647, CVE-2017-5648, CVE-2017-5664, CVE-2017-7674

Package Information:
https://launchpad.net/ubuntu/+source/tomcat8/8.0.38-2ubuntu2.2
https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.5
https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.13

Original Source

Url : http://www.ubuntu.com/usn/USN-3519-1

CWE : Common Weakness Enumeration

%	Id	Name
25 %	CWE-755	Improper Handling of Exceptional Conditions
25 %	CWE-668	Exposure of Resource to Wrong Sphere
25 %	CWE-345	Insufficient Verification of Data Authenticity
25 %	CWE-200	Information Exposure

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Tomcat cpe:2.3:a:apache:tomcat:9.0.0:milestone1:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone10:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone11:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone12:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone13:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone14:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone15:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone16:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone17:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone18:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone2:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone3:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone4:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone5:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone6:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone7:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone8:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone9:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone19:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone20:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone21:::::: cpe:2.3:a:apache:tomcat:8.5.9:::::::* cpe:2.3:a:apache:tomcat:8.5.8:::::::* cpe:2.3:a:apache:tomcat:8.5.7:::::::* cpe:2.3:a:apache:tomcat:8.5.6:::::::* cpe:2.3:a:apache:tomcat:8.5.5:::::::* cpe:2.3:a:apache:tomcat:8.5.4:::::::* cpe:2.3:a:apache:tomcat:8.5.3:::::::* cpe:2.3:a:apache:tomcat:8.5.2:::::::* cpe:2.3:a:apache:tomcat:8.5.15:::::::* cpe:2.3:a:apache:tomcat:8.5.14:::::::* cpe:2.3:a:apache:tomcat:8.5.13:::::::* cpe:2.3:a:apache:tomcat:8.5.12:::::::* cpe:2.3:a:apache:tomcat:8.5.11:::::::* cpe:2.3:a:apache:tomcat:8.5.10:::::::* cpe:2.3:a:apache:tomcat:8.5.1:::::::* cpe:2.3:a:apache:tomcat:8.5.0:::::::* cpe:2.3:a:apache:tomcat:8.0.9:::::::* cpe:2.3:a:apache:tomcat:8.0.8:::::::* cpe:2.3:a:apache:tomcat:8.0.7:::::::* cpe:2.3:a:apache:tomcat:8.0.6:::::::* cpe:2.3:a:apache:tomcat:8.0.5:::::::* cpe:2.3:a:apache:tomcat:8.0.44:::::::* cpe:2.3:a:apache:tomcat:8.0.43:::::::* cpe:2.3:a:apache:tomcat:8.0.42:::::::* cpe:2.3:a:apache:tomcat:8.0.41:::::::* cpe:2.3:a:apache:tomcat:8.0.40:::::::* cpe:2.3:a:apache:tomcat:8.0.4:::::::* cpe:2.3:a:apache:tomcat:8.0.39:::::::* cpe:2.3:a:apache:tomcat:8.0.38:::::::* cpe:2.3:a:apache:tomcat:8.0.37:::::::* cpe:2.3:a:apache:tomcat:8.0.36:::::::* cpe:2.3:a:apache:tomcat:8.0.35:::::::* cpe:2.3:a:apache:tomcat:8.0.34:::::::* cpe:2.3:a:apache:tomcat:8.0.33:::::::* cpe:2.3:a:apache:tomcat:8.0.32:::::::* cpe:2.3:a:apache:tomcat:8.0.31:::::::* cpe:2.3:a:apache:tomcat:8.0.30:::::::* cpe:2.3:a:apache:tomcat:8.0.3:::::::* cpe:2.3:a:apache:tomcat:8.0.29:::::::* cpe:2.3:a:apache:tomcat:8.0.28:::::::* cpe:2.3:a:apache:tomcat:8.0.27:::::::* cpe:2.3:a:apache:tomcat:8.0.26:::::::* cpe:2.3:a:apache:tomcat:8.0.25:::::::* cpe:2.3:a:apache:tomcat:8.0.24:::::::* cpe:2.3:a:apache:tomcat:8.0.23:::::::* cpe:2.3:a:apache:tomcat:8.0.22:::::::* cpe:2.3:a:apache:tomcat:8.0.21:::::::* cpe:2.3:a:apache:tomcat:8.0.20:::::::* cpe:2.3:a:apache:tomcat:8.0.2:::::::* cpe:2.3:a:apache:tomcat:8.0.19:::::::* cpe:2.3:a:apache:tomcat:8.0.18:::::::* cpe:2.3:a:apache:tomcat:8.0.17:::::::* cpe:2.3:a:apache:tomcat:8.0.16:::::::* cpe:2.3:a:apache:tomcat:8.0.15:::::::* cpe:2.3:a:apache:tomcat:8.0.14:::::::* cpe:2.3:a:apache:tomcat:8.0.13:::::::* cpe:2.3:a:apache:tomcat:8.0.12:::::::* cpe:2.3:a:apache:tomcat:8.0.11:::::::* cpe:2.3:a:apache:tomcat:8.0.10:::::::* cpe:2.3:a:apache:tomcat:8.0.1:::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc1:::::: cpe:2.3:a:apache:tomcat:8.0.0:::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc5:::::: cpe:2.3:a:apache:tomcat:8.0.0:rc3:::::: cpe:2.3:a:apache:tomcat:8.0.0:rc10:::::: cpe:2.3:a:apache:tomcat:8.0:::::::* cpe:2.3:a:apache:tomcat:7.0.9:::::::* cpe:2.3:a:apache:tomcat:7.0.8:::::::* cpe:2.3:a:apache:tomcat:7.0.78:::::::* cpe:2.3:a:apache:tomcat:7.0.77:::::::* cpe:2.3:a:apache:tomcat:7.0.76:::::::* cpe:2.3:a:apache:tomcat:7.0.75:::::::* cpe:2.3:a:apache:tomcat:7.0.74:::::::* cpe:2.3:a:apache:tomcat:7.0.73:::::::* cpe:2.3:a:apache:tomcat:7.0.72:::::::* cpe:2.3:a:apache:tomcat:7.0.71:::::::* cpe:2.3:a:apache:tomcat:7.0.70:::::::* cpe:2.3:a:apache:tomcat:7.0.7:::::::* cpe:2.3:a:apache:tomcat:7.0.69:::::::* cpe:2.3:a:apache:tomcat:7.0.68:::::::* cpe:2.3:a:apache:tomcat:7.0.67:::::::* cpe:2.3:a:apache:tomcat:7.0.66:::::::* cpe:2.3:a:apache:tomcat:7.0.65:::::::* cpe:2.3:a:apache:tomcat:7.0.64:::::::* cpe:2.3:a:apache:tomcat:7.0.63:::::::* cpe:2.3:a:apache:tomcat:7.0.62:::::::* cpe:2.3:a:apache:tomcat:7.0.61:::::::* cpe:2.3:a:apache:tomcat:7.0.60:::::::* cpe:2.3:a:apache:tomcat:7.0.6:::::::* cpe:2.3:a:apache:tomcat:7.0.59:::::::* cpe:2.3:a:apache:tomcat:7.0.58:::::::* cpe:2.3:a:apache:tomcat:7.0.57:::::::* cpe:2.3:a:apache:tomcat:7.0.56:::::::* cpe:2.3:a:apache:tomcat:7.0.55:::::::* cpe:2.3:a:apache:tomcat:7.0.54:::::::* cpe:2.3:a:apache:tomcat:7.0.53:::::::* cpe:2.3:a:apache:tomcat:7.0.52:::::::* cpe:2.3:a:apache:tomcat:7.0.51:::::::* cpe:2.3:a:apache:tomcat:7.0.50:::::::* cpe:2.3:a:apache:tomcat:7.0.5:::::::* cpe:2.3:a:apache:tomcat:7.0.5:beta:::::: cpe:2.3:a:apache:tomcat:7.0.49:::::::* cpe:2.3:a:apache:tomcat:7.0.48:::::::* cpe:2.3:a:apache:tomcat:7.0.47:::::::* cpe:2.3:a:apache:tomcat:7.0.46:::::::* cpe:2.3:a:apache:tomcat:7.0.45:::::::* cpe:2.3:a:apache:tomcat:7.0.44:::::::* cpe:2.3:a:apache:tomcat:7.0.43:::::::* cpe:2.3:a:apache:tomcat:7.0.42:::::::* cpe:2.3:a:apache:tomcat:7.0.41:::::::* cpe:2.3:a:apache:tomcat:7.0.40:::::::* cpe:2.3:a:apache:tomcat:7.0.4:::::::* cpe:2.3:a:apache:tomcat:7.0.4:beta:::::: cpe:2.3:a:apache:tomcat:7.0.39:::::::* cpe:2.3:a:apache:tomcat:7.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.37:::::::* cpe:2.3:a:apache:tomcat:7.0.36:::::::* cpe:2.3:a:apache:tomcat:7.0.35:::::::* cpe:2.3:a:apache:tomcat:7.0.34:::::::* cpe:2.3:a:apache:tomcat:7.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.32:::::::* cpe:2.3:a:apache:tomcat:7.0.31:::::::* cpe:2.3:a:apache:tomcat:7.0.30:::::::* cpe:2.3:a:apache:tomcat:7.0.3:::::::* cpe:2.3:a:apache:tomcat:7.0.29:::::::* cpe:2.3:a:apache:tomcat:7.0.28:::::::* cpe:2.3:a:apache:tomcat:7.0.27:::::::* cpe:2.3:a:apache:tomcat:7.0.26:::::::* cpe:2.3:a:apache:tomcat:7.0.25:::::::* cpe:2.3:a:apache:tomcat:7.0.24:::::::* cpe:2.3:a:apache:tomcat:7.0.23:::::::* cpe:2.3:a:apache:tomcat:7.0.22:::::::* cpe:2.3:a:apache:tomcat:7.0.21:::::::* cpe:2.3:a:apache:tomcat:7.0.20:::::::* cpe:2.3:a:apache:tomcat:7.0.2:::::::* cpe:2.3:a:apache:tomcat:7.0.2:beta:::::: cpe:2.3:a:apache:tomcat:7.0.19:::::::* cpe:2.3:a:apache:tomcat:7.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0.17:::::::* cpe:2.3:a:apache:tomcat:7.0.16:::::::* cpe:2.3:a:apache:tomcat:7.0.15:::::::* cpe:2.3:a:apache:tomcat:7.0.14:::::::* cpe:2.3:a:apache:tomcat:7.0.13:::::::* cpe:2.3:a:apache:tomcat:7.0.12:::::::* cpe:2.3:a:apache:tomcat:7.0.11:::::::* cpe:2.3:a:apache:tomcat:7.0.10:::::::* cpe:2.3:a:apache:tomcat:7.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.0:::::::* cpe:2.3:a:apache:tomcat:7.0.0:beta:::::: cpe:2.3:a:apache:tomcat:6.0.9:::::::* cpe:2.3:a:apache:tomcat:6.0.8:::::::* cpe:2.3:a:apache:tomcat:6.0.7:::::::* cpe:2.3:a:apache:tomcat:6.0.6:::::::* cpe:2.3:a:apache:tomcat:6.0.52:::::::* cpe:2.3:a:apache:tomcat:6.0.51:::::::* cpe:2.3:a:apache:tomcat:6.0.50:::::::* cpe:2.3:a:apache:tomcat:6.0.5:::::::* cpe:2.3:a:apache:tomcat:6.0.49:::::::* cpe:2.3:a:apache:tomcat:6.0.48:::::::* cpe:2.3:a:apache:tomcat:6.0.47:::::::* cpe:2.3:a:apache:tomcat:6.0.46:::::::* cpe:2.3:a:apache:tomcat:6.0.45:::::::* cpe:2.3:a:apache:tomcat:6.0.44:::::::* cpe:2.3:a:apache:tomcat:6.0.43:::::::* cpe:2.3:a:apache:tomcat:6.0.42:::::::* cpe:2.3:a:apache:tomcat:6.0.41:::::::* cpe:2.3:a:apache:tomcat:6.0.40:::::::* cpe:2.3:a:apache:tomcat:6.0.4:::::::* cpe:2.3:a:apache:tomcat:6.0.39:::::::* cpe:2.3:a:apache:tomcat:6.0.38:::::::* cpe:2.3:a:apache:tomcat:6.0.37:::::::* cpe:2.3:a:apache:tomcat:6.0.36:::::::* cpe:2.3:a:apache:tomcat:6.0.35:::::::* cpe:2.3:a:apache:tomcat:6.0.34:::::::* cpe:2.3:a:apache:tomcat:6.0.33:::::::* cpe:2.3:a:apache:tomcat:6.0.32:::::::* cpe:2.3:a:apache:tomcat:6.0.31:::::::* cpe:2.3:a:apache:tomcat:6.0.30:::::::* cpe:2.3:a:apache:tomcat:6.0.3:::::::* cpe:2.3:a:apache:tomcat:6.0.29:::::::* cpe:2.3:a:apache:tomcat:6.0.28:::::::* cpe:2.3:a:apache:tomcat:6.0.27:::::::* cpe:2.3:a:apache:tomcat:6.0.26:::::::* cpe:2.3:a:apache:tomcat:6.0.25:::::::* cpe:2.3:a:apache:tomcat:6.0.24:::::::* cpe:2.3:a:apache:tomcat:6.0.23:::::::* cpe:2.3:a:apache:tomcat:6.0.22:::::::* cpe:2.3:a:apache:tomcat:6.0.21:::::::* cpe:2.3:a:apache:tomcat:6.0.20:::::::* cpe:2.3:a:apache:tomcat:6.0.2:::::::* cpe:2.3:a:apache:tomcat:6.0.19:::::::* cpe:2.3:a:apache:tomcat:6.0.18:::::::* cpe:2.3:a:apache:tomcat:6.0.17:::::::* cpe:2.3:a:apache:tomcat:6.0.16:::::::* cpe:2.3:a:apache:tomcat:6.0.15:::::::* cpe:2.3:a:apache:tomcat:6.0.14:::::::* cpe:2.3:a:apache:tomcat:6.0.13:::::::* cpe:2.3:a:apache:tomcat:6.0.12:::::::* cpe:2.3:a:apache:tomcat:6.0.11:::::::* cpe:2.3:a:apache:tomcat:6.0.10:::::::* cpe:2.3:a:apache:tomcat:6.0.1:::::::* cpe:2.3:a:apache:tomcat:6.0.0:::::::*	223

Nessus® Vulnerability Scanner

Date	Description
2018-11-27	Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-3080.nasl - Type : ACT_GATHER_INFO
2018-03-21	Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa_10838.nasl - Type : ACT_GATHER_INFO
2017-11-27	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1299.nasl - Type : ACT_GATHER_INFO
2017-11-02	Name : The remote Apache Tomcat server is affected by a code execution vulnerability. File : tomcat_6_0_24.nasl - Type : ACT_GATHER_INFO
2017-11-01	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1262.nasl - Type : ACT_GATHER_INFO
2017-11-01	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1261.nasl - Type : ACT_GATHER_INFO
2017-10-31	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20171030_tomcat_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-10-31	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20171030_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2017-10-31	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-3081.nasl - Type : ACT_GATHER_INFO
2017-10-31	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-3080.nasl - Type : ACT_GATHER_INFO
2017-10-30	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-3081.nasl - Type : ACT_GATHER_INFO
2017-10-30	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-3080.nasl - Type : ACT_GATHER_INFO
2017-10-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-3080.nasl - Type : ACT_GATHER_INFO
2017-10-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-3081.nasl - Type : ACT_GATHER_INFO
2017-09-28	Name : A web application running on the remote host is affected by a denial of servi... File : mysql_enterprise_monitor_3_4_3_4225.nasl - Type : ACT_GATHER_INFO
2017-09-18	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3974.nasl - Type : ACT_GATHER_INFO
2017-09-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2638.nasl - Type : ACT_GATHER_INFO
2017-09-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2637.nasl - Type : ACT_GATHER_INFO
2017-09-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2636.nasl - Type : ACT_GATHER_INFO
2017-09-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2635.nasl - Type : ACT_GATHER_INFO
2017-09-08	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1192.nasl - Type : ACT_GATHER_INFO
2017-09-08	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1191.nasl - Type : ACT_GATHER_INFO
2017-08-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2493.nasl - Type : ACT_GATHER_INFO
2017-08-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-873.nasl - Type : ACT_GATHER_INFO
2017-08-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-862.nasl - Type : ACT_GATHER_INFO
2017-07-28	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170727_tomcat_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-07-28	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-1809.nasl - Type : ACT_GATHER_INFO
2017-07-28	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-1809.nasl - Type : ACT_GATHER_INFO
2017-07-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-1809.nasl - Type : ACT_GATHER_INFO
2017-07-21	Name : A web application running on the remote host is affected by multiple vulnerab... File : mysql_enterprise_monitor_3_3_4_3247.nasl - Type : ACT_GATHER_INFO
2017-07-17	Name : The remote Fedora host is missing a security update. File : fedora_2017-794c18b62d.nasl - Type : ACT_GATHER_INFO
2017-07-17	Name : The remote Fedora host is missing a security update. File : fedora_2017-0e64c4c186.nasl - Type : ACT_GATHER_INFO
2017-07-07	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-854.nasl - Type : ACT_GATHER_INFO
2017-07-07	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-853.nasl - Type : ACT_GATHER_INFO
2017-07-03	Name : The remote Fedora host is missing a security update. File : fedora_2017-e4638a345c.nasl - Type : ACT_GATHER_INFO
2017-06-30	Name : The remote Fedora host is missing a security update. File : fedora_2017-63789c8c29.nasl - Type : ACT_GATHER_INFO
2017-06-23	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3891.nasl - Type : ACT_GATHER_INFO
2017-06-23	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3892.nasl - Type : ACT_GATHER_INFO
2017-06-21	Name : The remote Debian host is missing a security update. File : debian_DLA-996.nasl - Type : ACT_GATHER_INFO
2017-06-08	Name : The remote Apache Tomcat server is affected by a remote error page manipulati... File : tomcat_8_5_15.nasl - Type : ACT_GATHER_INFO
2017-05-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201705-09.nasl - Type : ACT_GATHER_INFO
2017-05-16	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-586.nasl - Type : ACT_GATHER_INFO
2017-05-04	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3843.nasl - Type : ACT_GATHER_INFO
2017-05-04	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3842.nasl - Type : ACT_GATHER_INFO
2017-05-01	Name : The remote Debian host is missing a security update. File : debian_DLA-924.nasl - Type : ACT_GATHER_INFO
2017-04-28	Name : The remote Fedora host is missing a security update. File : fedora_2017-d5aa7c77d6.nasl - Type : ACT_GATHER_INFO
2017-04-28	Name : The remote Fedora host is missing a security update. File : fedora_2017-5261ba4605.nasl - Type : ACT_GATHER_INFO
2017-04-21	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-822.nasl - Type : ACT_GATHER_INFO
2017-04-21	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-821.nasl - Type : ACT_GATHER_INFO
2017-04-14	Name : The remote Apache Tomcat server is affected by an information disclosure vuln... File : tomcat_8_0_43.nasl - Type : ACT_GATHER_INFO
2017-04-14	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_5_13.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2019-01-08 00:18:58	First insertion

Global Informations

Type	Count
CWE ID(s)	4
CPE ID(s)	223
Nessus® Exploit(s)	51

	Related
9.1	CVE-2017-5648
7.5	CVE-2017-5664
7.5	CVE-2017-5647
4.3	CVE-2017-7674
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

6.4 - USN-3519-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU