Test ID:	1.3.6.1.4.1.25623.1.0.703842
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3842-1)
Summary:	The remote host is missing an update for the Debian 'tomcat7' package(s) announced via the DSA-3842-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'tomcat7' package(s) announced via the DSA-3842-1 advisory. Vulnerability Insight: Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine. CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. CVE-2017-5648 Some application listeners calls were issued against the wrong objects, allowing untrusted applications running under a SecurityManager to bypass that protection mechanism and access or modify information associated with other web applications. For the stable distribution (jessie), these problems have been fixed in version 7.0.56-3+deb8u10. For the upcoming stable (stretch) and unstable (sid) distributions, these problems have been fixed in version 7.0.72-3. We recommend that you upgrade your tomcat7 packages. Affected Software/OS: 'tomcat7' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5647 Debian Security Information: DSA-3842 (Google Search) http://www.debian.org/security/2017/dsa-3842 Debian Security Information: DSA-3843 (Google Search) http://www.debian.org/security/2017/dsa-3843 https://security.gentoo.org/glsa/201705-09 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2017:1801 https://access.redhat.com/errata/RHSA-2017:1801 RedHat Security Advisories: RHSA-2017:1802 https://access.redhat.com/errata/RHSA-2017:1802 RedHat Security Advisories: RHSA-2017:2493 https://access.redhat.com/errata/RHSA-2017:2493 RedHat Security Advisories: RHSA-2017:2494 https://access.redhat.com/errata/RHSA-2017:2494 RedHat Security Advisories: RHSA-2017:3080 https://access.redhat.com/errata/RHSA-2017:3080 RedHat Security Advisories: RHSA-2017:3081 https://access.redhat.com/errata/RHSA-2017:3081 http://www.securitytracker.com/id/1038218 Common Vulnerability Exposure (CVE) ID: CVE-2017-5648 BugTraq ID: 97530 http://www.securityfocus.com/bid/97530 http://www.openwall.com/lists/oss-security/2020/07/20/8 https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2017:1809 https://access.redhat.com/errata/RHSA-2017:1809 http://www.securitytracker.com/id/1038220
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.