Test ID:	1.3.6.1.4.1.25623.1.0.804855
Category:	Web Servers
Title:	Apache Tomcat Remote Code Execution Vulnerability (Sep 2014)
Summary:	Apache Tomcat is prone to a remote code execution (RCE) vulnerability.
Description:	Summary: Apache Tomcat is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The error exists as the program does not properly verify or sanitize user-uploaded files. Vulnerability Impact: Successful exploitation will allow remote attackers to upload malicious script and execute the arbitrary code. Affected Software/OS: Apache Tomcat version 7.x before 7.0.40 Solution: Upgrade to version 7.0.40 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4444 BugTraq ID: 69728 http://www.securityfocus.com/bid/69728 Bugtraq: 20140910 CVE-2013-4444 Remote Code Execution in Apache Tomcat (Google Search) http://archives.neohapsis.com/archives/bugtraq/2014-09/0075.html Debian Security Information: DSA-3447 (Google Search) http://www.debian.org/security/2016/dsa-3447 http://seclists.org/fulldisclosure/2021/Jan/23 HPdes Security Advisory: HPSBOV03503 http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://openwall.com/lists/oss-security/2014/10/24/12 http://www.securitytracker.com/id/1030834
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.