Apache Tomcat 7.0.x < 7.0.54 / 8.0.x < 8.0.8 XML Parser Information Disclosure

Nessus Network Monitor Plugin ID 8921 (Severity: Low)

Synopsis

The remote web server is missing an Apache Tomcat patch update.

Description

The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.54 or 8.0.x prior to 8.0.8. It is affected by an error in the XML parser that may allow an attacker to gain access to confidential data.

Solution

Update to Apache Tomcat version 7.0.54 or 8.0.8 or later.

See Also

http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.8

http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54

Plugin Details

Severity: Low

ID: 8921

Family: Web Servers

Published: 2015/03/02

Modified: 2018/09/16

Dependencies: 8928, 8931

Nessus ID: 74249, 74247

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 4

Temporal Score: 3.8

Vector: CVSS3#AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Patch Publication Date: 2014/05/31

Vulnerability Publication Date: 2014/05/31

Reference Information

CVE: CVE-2014-0119

BID: 67669

IAVB: 2015-B-0083