Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Apache Tomcat server is affected by multiple
vulnerabilities.

Description :

According to its self-reported version number, the instance of Apache
Tomcat running on the remote host is 5.0.x equal to or prior to 5.0.30
or 5.5.x prior to 5.5.25. It is, therefore, affected by multiple
vulnerabilities :

- An error exists in several JSP example files that allows
script injection via URLs using the '
' character.
(CVE-2007-2449)

- The Manager and Host Manager applications do not
properly sanitize the 'filename' parameter of the
'/manager/html/upload' script, which can lead to cross-
site scripting attacks. (CVE-2007-2450)

- An error exists in the handling of cookie values
containing single quotes which Tomcat treats as
delimiters. This can allow disclosure of sensitive
information such as session IDs. (CVE-2007-3382)

- An error exists in the handling of cookie values
containing backslashes which Tomcat treats as
delimiters. This can allow disclosure of sensitive
information such as session IDs. (CVE-2007-3385)

- An error exists in the Host Manager application which
allows script injection. (CVE-2007-3386)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?1a40289c
http://archives.neohapsis.com/archives/bugtraq/2007-06/0181.html
http://archives.neohapsis.com/archives/bugtraq/2007-06/0183.html
http://archives.neohapsis.com/archives/bugtraq/2007-08/0190.html
http://archives.neohapsis.com/archives/bugtraq/2007-08/0191.html
http://archives.neohapsis.com/archives/bugtraq/2007-10/0102.html

Solution :

Upgrade to Apache Tomcat version 5.5.25. Alternatively, use the latest
SVN source for 5.0.x. The 5.0.x branch was fixed in SVN revision
number 588821.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 51059

Bugtraq ID: 24475, 24476, 25314, 25316

CVE ID: CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386
