VID | 22509
Severity | 30
Port | 80, ...
Protocol | TCP
Class | WWW

Detailed Description |
According to its self-reported version number, the Apache Tomcat install listening on this port is 5.0.x equal to or earlier than 5.0.30 or 5.5.x earlier than 5.5.25 and, as such, may be affected by multiple vulnerabilities:
- An error exists in several JSP example files that allows script injection via URLs using the ' ' character. (CVE-2007-2449)
- The Manager and Host Manager applications do not properly sanitize the 'filename' parameter of the '/manager/html/upload' script, which can lead to cross-site scripting attacks. (CVE-2007-2450)
- An error exists in the handling of cookie values containing single quotes, which Tomcat treats as delimiters. This can allow disclosure of sensitive information such as session IDs. (CVE-2007-3382)
- An error exists in the handling of cookie values containing backslashes, which Tomcat treats as delimiters. This can allow disclosure of sensitive information such as session IDs. (CVE-2007-3385)
- An error exists in the Host Manager application which allows script injection. (CVE-2007-3386)
Note that Nessus did not actually test for the flaws but instead has relied on the version in Tomcat's banner or error page, so this may be a false positive.
Also note that, in the case of 5.0.x versions, the issues have been fixed by SVN revision number 588821.
* Note: This check relied solely on the version number of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
  http://tomcat.apache.org/security-.html#Fixed_in_Apache_Tomcat_5.5.25,_5.0.SVN
  http://archives.neohapsis.com/archives/bugtraq/2007-06/0181.html
  http://archives.neohapsis.com/archives/bugtraq/2007-06/0183.html
  http://archives.neohapsis.com/archives/bugtraq/2007-08/0190.html
  http://archives.neohapsis.com/archives/bugtraq/2007-08/0191.html
  http://archives.neohapsis.com/archives/bugtraq/2007-10/0102.html
* Platforms Affected: Apache Tomcat Server versions prior to 5.5.25 / 5.0.30; any operating system, any version

Recommendation |
Upgrade to the latest version of Apache Tomcat Server (5.5.25/5.0.30 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/

Related URL | CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386 (CVE)
Related URL | 24475, 24476, 25314, 25316 (SecurityFocus)
Related URL | (ISS)