Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server may be affected by multiple vulnerabilities.

Description :

According to its self-reported version number, the instance of Apache
Tomcat 6.0.x listening on the remote host is earlier than 6.0.30 and,
as such, may be affected by multiple vulnerabilities.

- An error exists in the access restriction on a 'ServletContext'
attribute that holds the location of the work directory
in Tomcat's SecurityManager. A malicious web application
may be able to modify the location of the working
directory, which then allows improper read and write
access to arbitrary files and directories in the context
of Tomcat. (CVE-2010-3718)

- An input validation error exists in the Manager
application in that it fails to filter the 'sort' and
'orderBy' input parameters. (CVE-2010-4172)

- An input validation error exists in the HTML manager
application in that it fails to filter various input
data before returning it to the browser. (CVE-2011-0013)

Note that Nessus did not actually test for the flaws but instead has
relied on the version in Tomcat's banner or error page.
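
The version-only check described in the note above, as an added example
that is not part of the plugin or the original page. It classifies
self-reported Tomcat version strings against the 6.0.30 fix line; the host
names and response strings are constructed samples.

```python
import re

# Tomcat's default error page footer carries "Apache Tomcat/<major>.<minor>.<patch>".
VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")
FIXED = (6, 0, 30)  # first fixed 6.0.x release named in the advisory


def classify(banner_text):
    """Classify one self-reported banner or error-page string."""
    match = VERSION_RE.search(banner_text or "")
    if not match:
        # Version hidden or page customised: the check cannot decide.
        return "unknown"
    version = tuple(int(part) for part in match.groups())
    if version[:2] != (6, 0):
        # This advisory only covers the 6.0.x branch.
        return "out_of_scope"
    # Integer tuples, so 6.0.9 sorts before 6.0.30 (string compare would not).
    return "affected" if version < FIXED else "fixed"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and responses).
SAMPLE = {
    "app01.example.internal": "<h3>Apache Tomcat/6.0.29</h3>",
    "app02.example.internal": "<h3>Apache Tomcat/6.0.9</h3>",
    "app03.example.internal": "<h3>Apache Tomcat/6.0.30</h3>",
    "app04.example.internal": "<h3>Apache Tomcat/7.0.8</h3>",
    "app05.example.internal": "Server: Apache-Coyote/1.1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" or "affected" still need confirmation against
the installed release, since the result rests only on what the server
reports about itself.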

See also :

http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0285.html

Solution :

Update Apache Tomcat to version 6.0.30 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 51975

Bugtraq ID: 45015, 46174, 46177

CVE ID: CVE-2010-3718, CVE-2010-4172, CVE-2011-0013