Test ID: 1.3.6.1.4.1.25623.1.0.843539
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-3665-1)
Summary: The remote host is missing an update for the 'tomcat7, tomcat8' package(s) announced via the USN-3665-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'tomcat7, tomcat8' package(s) announced via the USN-3665-1 advisory.

Vulnerability Insight:
It was discovered that Tomcat incorrectly handled being configured with
HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP
file to the server and execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-12616,
CVE-2017-12617)

It was discovered that Tomcat contained incorrect documentation regarding
the description of the search algorithm used by the CGI Servlet to identify
which script to execute. This issue only affected Ubuntu 17.10.
(CVE-2017-15706)

It was discovered that Tomcat incorrectly handled an empty string URL
pattern in security constraint definitions. A remote attacker could
possibly use this issue to gain access to web application resources,
contrary to expectations. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1304)

It was discovered that Tomcat incorrectly handled applying certain security
constraints. A remote attacker could possibly access certain resources,
contrary to expectations. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1305)

It was discovered that the Tomcat CORS filter default settings were
insecure and would enable 'supportsCredentials' for all origins, contrary
to expectations. (CVE-2018-8014)

Affected Software/OS:
'tomcat7, tomcat8' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.10, Ubuntu 18.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-12616
BugTraq ID: 100897
http://www.securityfocus.com/bid/100897
https://lists.apache.org/thread.html/1df9b4552464caa42047062fe7175da0da06c18ecc8daf99258bbda6@%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2018:0465
https://access.redhat.com/errata/RHSA-2018:0465
RedHat Security Advisories: RHSA-2018:0466
https://access.redhat.com/errata/RHSA-2018:0466
http://www.securitytracker.com/id/1039393
https://usn.ubuntu.com/3665-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-12617
BugTraq ID: 100954
http://www.securityfocus.com/bid/100954
https://www.exploit-db.com/exploits/42966/
https://www.exploit-db.com/exploits/43008/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2017:3080
https://access.redhat.com/errata/RHSA-2017:3080
RedHat Security Advisories: RHSA-2017:3081
https://access.redhat.com/errata/RHSA-2017:3081
RedHat Security Advisories: RHSA-2017:3113
https://access.redhat.com/errata/RHSA-2017:3113
RedHat Security Advisories: RHSA-2017:3114
https://access.redhat.com/errata/RHSA-2017:3114
RedHat Security Advisories: RHSA-2018:0268
https://access.redhat.com/errata/RHSA-2018:0268
RedHat Security Advisories: RHSA-2018:0269
https://access.redhat.com/errata/RHSA-2018:0269
RedHat Security Advisories: RHSA-2018:0270
https://access.redhat.com/errata/RHSA-2018:0270
RedHat Security Advisories: RHSA-2018:0271
https://access.redhat.com/errata/RHSA-2018:0271
RedHat Security Advisories: RHSA-2018:0275
https://access.redhat.com/errata/RHSA-2018:0275
RedHat Security Advisories: RHSA-2018:2939
https://access.redhat.com/errata/RHSA-2018:2939
http://www.securitytracker.com/id/1039552
Common Vulnerability Exposure (CVE) ID: CVE-2017-15706
BugTraq ID: 103069
http://www.securityfocus.com/bid/103069
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2018-1304
BugTraq ID: 103170
http://www.securityfocus.com/bid/103170
Debian Security Information: DSA-4281
https://www.debian.org/security/2018/dsa-4281
https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html
RedHat Security Advisories: RHSA-2018:1320
https://access.redhat.com/errata/RHSA-2018:1320
RedHat Security Advisories: RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1447
RedHat Security Advisories: RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1448
RedHat Security Advisories: RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1449
RedHat Security Advisories: RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1450
RedHat Security Advisories: RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:1451
RedHat Security Advisories: RHSA-2019:2205
https://access.redhat.com/errata/RHSA-2019:2205
http://www.securitytracker.com/id/1040427
Common Vulnerability Exposure (CVE) ID: CVE-2018-1305
BugTraq ID: 103144
http://www.securityfocus.com/bid/103144
https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E
http://www.securitytracker.com/id/1040428
Common Vulnerability Exposure (CVE) ID: CVE-2018-8014
BugTraq ID: 104203
http://www.securityfocus.com/bid/104203
Bugtraq: 20191229 [SECURITY] [DSA 4596-1] tomcat8 security update
https://seclists.org/bugtraq/2019/Dec/43
Debian Security Information: DSA-4596
https://www.debian.org/security/2019/dsa-4596
https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
RedHat Security Advisories: RHSA-2018:2469
https://access.redhat.com/errata/RHSA-2018:2469
RedHat Security Advisories: RHSA-2018:2470
https://access.redhat.com/errata/RHSA-2018:2470
RedHat Security Advisories: RHSA-2018:3768
https://access.redhat.com/errata/RHSA-2018:3768
RedHat Security Advisories: RHSA-2019:0450
https://access.redhat.com/errata/RHSA-2019:0450
RedHat Security Advisories: RHSA-2019:0451
https://access.redhat.com/errata/RHSA-2019:0451
RedHat Security Advisories: RHSA-2019:1529
https://access.redhat.com/errata/RHSA-2019:1529
http://www.securitytracker.com/id/1040998
http://www.securitytracker.com/id/1041888
Copyright: Copyright (C) 2018 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.