This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been found and corrected in tomcat5 :
When running under a SecurityManager, access to the file system is
limited but web applications are granted read/write permissions to the
work directory. This directory is used for a variety of temporary
files such as the intermediate files generated when compiling JSPs to
Servlets. The location of the work directory is specified by a
ServletContect attribute that is meant to be read-only to web
applications. However, due to a coding error, the read-only setting
was not applied. Therefore, a malicious web application may modify the
attribute before Tomcat applies the file permissions. This can be used
to grant read/write permissions to any area on the file system which a
malicious web application may then take advantage of. This
vulnerability is only applicable when hosting web applications from
untrusted sources such as shared hosting environments (CVE-2010-3718).
The HTML Manager interface displayed web application provided data,
such as display names, without filtering. A malicious web application
could trigger script execution by an administrative user when viewing
the manager pages (CVE-2011-0013).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
The updated packages have been patched to correct these issues.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true