EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1049)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the tomcat packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- The Expression Language (EL) implementation in Apache
Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x
before 8.0.16 does not properly consider the
possibility of an accessible interface implemented by
an inaccessible class, which allows attackers to bypass
a SecurityManager protection mechanism via a web
application that leverages use of incorrect privileges
during EL evaluation.(CVE-2014-7810)

- Session fixation vulnerability in Apache Tomcat 7.x
before 7.0.66, 8.x before 8.0.30, and 9.x before
9.0.0.M2, when different session settings are used for
deployments of multiple versions of the same web
application, might allow remote attackers to hijack web
sessions by leveraging use of a requestedSessionSSL
field for an unintended request, related to
CoyoteAdapter.java and Request.java.(CVE-2015-5346)

- Apache Tomcat through 8.5.4, when the CGI Servlet is
enabled, follows RFC 3875 section 4.1.18 and therefore
does not protect applications from the presence of
untrusted client data in the HTTP_PROXY environment
variable, which might allow remote attackers to
redirect an application's outbound HTTP traffic to an
arbitrary proxy server via a crafted Proxy header in an
HTTP request, aka an 'httpoxy' issue. NOTE: the vendor
states 'A mitigation is planned for future releases of
Tomcat, tracked as CVE-2016-5388'; in other words, this
is not a CVE ID for a vulnerability.(CVE-2016-5388)

- It was discovered that the Tomcat packages installed the
configuration file /usr/lib/tmpfiles.d/tomcat.conf as
writeable to the tomcat group. A member of the group or
a malicious web application deployed on Tomcat could
use this flaw to escalate their
privileges.(CVE-2016-5425)

- It was discovered that the Tomcat packages installed
certain configuration files read by the Tomcat
initialization script as writeable to the tomcat group.
A member of the group or a malicious web application
deployed on Tomcat could use this flaw to escalate
their privileges.(CVE-2016-6325)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
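As an added check (not part of the Nessus plugin or the EulerOS advisory), the POSIX shell script below reports whether the files behind CVE-2016-5425 and CVE-2016-6325 are writable by their group, which is the condition both entries describe. Only /usr/lib/tmpfiles.d/tomcat.conf is named on this page; /etc/tomcat/tomcat.conf and /etc/sysconfig/tomcat are assumed init-script inputs and should be adjusted to the files the packages actually ship.

```shell
#!/bin/sh
# Added example, not code from the Nessus plugin or the EulerOS advisory.
# Reports configuration files whose group write bit is set, the condition
# behind CVE-2016-5425 (/usr/lib/tmpfiles.d/tomcat.conf) and CVE-2016-6325
# (files read by the Tomcat initialization script).

# Print "path:mode:group" for each argument that exists and is
# group-writable; print nothing for files that are safe or absent.
group_writable_files() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        # Octal permission bits: GNU stat -c on Linux, stat -f on BSD.
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        # The group write bit is 020 in the octal mode word.
        if [ $(( 0$mode & 020 )) -ne 0 ]; then
            grp=$(stat -c '%G' "$f" 2>/dev/null || stat -f '%Sg' "$f")
            printf '%s:%s:%s\n' "$f" "$mode" "$grp"
        fi
    done
}

# Return 0 when none of the given files is group-writable, 1 otherwise,
# listing the offending files on stdout.
check_tomcat_config_perms() {
    out=$(group_writable_files "$@")
    if [ -n "$out" ]; then
        printf 'group-writable: %s\n' "$out"
        return 1
    fi
    return 0
}

# The tmpfiles.d path is the one named in the advisory; the other two are
# assumed typical init-script inputs, not taken from the page.
TOMCAT_FILES="/usr/lib/tmpfiles.d/tomcat.conf /etc/tomcat/tomcat.conf /etc/sysconfig/tomcat"

# Uncomment to run on a host: exits non-zero if any file is group-writable.
# check_tomcat_config_perms $TOMCAT_FILES
```

A file that shows up here should be corrected with chmod g-w and its ownership reviewed, since anything running as the tomcat group can otherwise rewrite what root later executes.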

See also :

http://www.nessus.org/u?670f4b1e

Solution :

Update the affected tomcat packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:TF/RC:ND)
Public Exploit Available : true

Family: Huawei Local Security Checks

Nessus Plugin ID: 99812

Bugtraq ID: 74665

CVE ID: CVE-2014-7810
CVE-2015-5346
CVE-2016-5388
CVE-2016-5425
CVE-2016-6325
