EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1191)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the tomcat packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- The Realm implementations did not process the supplied
password if the supplied user name did not exist. This
made a timing attack possible to determine valid user
names. Note that the default configuration includes the
LockOutRealm which makes exploitation of this
vulnerability harder. (CVE-2016-0762)

- It was discovered that a malicious web application
could bypass a configured SecurityManager via a Tomcat
utility method that was accessible to web applications.
(CVE-2016-5018)

- It was discovered that when a SecurityManager was
configured, Tomcat's system property replacement
feature for configuration files could be used by a
malicious web application to bypass the SecurityManager
and read system properties that should not be visible.
(CVE-2016-6794)

- It was discovered that a malicious web application
could bypass a configured SecurityManager via
manipulation of the configuration parameters for the
JSP Servlet. (CVE-2016-6796)

- It was discovered that it was possible for a web
application to access any global JNDI resource whether
an explicit ResourceLink had been configured or not.
(CVE-2016-6797)

- A vulnerability was discovered in tomcat. When running
an untrusted application under a SecurityManager it was
possible, under some circumstances, for that
application to retain references to the request or
response objects and thereby access and/or modify
information associated with another web
application.(CVE-2017-5648)

- A vulnerability was discovered in the error page
mechanism in Tomcat's DefaultServlet implementation. A
crafted HTTP request could cause undesired side
effects, possibly including the removal or replacement
of the custom error page.(CVE-2017-5664)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?f3667cfb

Solution :

Update the affected tomcat packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Huawei Local Security Checks

Nessus Plugin ID: 103029 ()

Bugtraq ID:

CVE ID: CVE-2016-0762
CVE-2016-5018
CVE-2016-6794
CVE-2016-6796
CVE-2016-6797
CVE-2017-5648
CVE-2017-5664

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now