Test ID:	1.3.6.1.4.1.25623.1.0.882796
Category:	CentOS Local Security Checks
Title:	CentOS Update for tomcat CESA-2017:3081 centos7
Summary:	Check the version of tomcat
Description:	Summary: Check the version of tomcat Vulnerability Insight: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) * A vulnerability was discovered in Tomcat where the CORS Filter did not send a 'Vary: Origin' HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674) Affected Software/OS: tomcat on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-12615 BugTraq ID: 100901 http://www.securityfocus.com/bid/100901 https://www.exploit-db.com/exploits/42953/ http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html https://github.com/breaktoprotect/CVE-2017-12615 https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2017:3080 https://access.redhat.com/errata/RHSA-2017:3080 RedHat Security Advisories: RHSA-2017:3081 https://access.redhat.com/errata/RHSA-2017:3081 RedHat Security Advisories: RHSA-2017:3113 https://access.redhat.com/errata/RHSA-2017:3113 RedHat Security Advisories: RHSA-2017:3114 https://access.redhat.com/errata/RHSA-2017:3114 RedHat Security Advisories: RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0465 RedHat Security Advisories: RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:0466 http://www.securitytracker.com/id/1039392 Common Vulnerability Exposure (CVE) ID: CVE-2017-12617 BugTraq ID: 100954 http://www.securityfocus.com/bid/100954 https://www.exploit-db.com/exploits/42966/ https://www.exploit-db.com/exploits/43008/ https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2018:0268 https://access.redhat.com/errata/RHSA-2018:0268 RedHat Security Advisories: RHSA-2018:0269 https://access.redhat.com/errata/RHSA-2018:0269 RedHat Security Advisories: RHSA-2018:0270 https://access.redhat.com/errata/RHSA-2018:0270 RedHat Security Advisories: RHSA-2018:0271 https://access.redhat.com/errata/RHSA-2018:0271 RedHat Security Advisories: RHSA-2018:0275 https://access.redhat.com/errata/RHSA-2018:0275 RedHat Security Advisories: RHSA-2018:2939 https://access.redhat.com/errata/RHSA-2018:2939 http://www.securitytracker.com/id/1039552 https://usn.ubuntu.com/3665-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-5647 Debian Security Information: DSA-3842 (Google Search) http://www.debian.org/security/2017/dsa-3842 Debian Security Information: DSA-3843 (Google Search) http://www.debian.org/security/2017/dsa-3843 https://security.gentoo.org/glsa/201705-09 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2017:1801 https://access.redhat.com/errata/RHSA-2017:1801 RedHat Security Advisories: RHSA-2017:1802 https://access.redhat.com/errata/RHSA-2017:1802 RedHat Security Advisories: RHSA-2017:2493 https://access.redhat.com/errata/RHSA-2017:2493 RedHat Security Advisories: RHSA-2017:2494 https://access.redhat.com/errata/RHSA-2017:2494 http://www.securitytracker.com/id/1038218 Common Vulnerability Exposure (CVE) ID: CVE-2017-7674 BugTraq ID: 100280 http://www.securityfocus.com/bid/100280 Debian Security Information: DSA-3974 (Google Search) http://www.debian.org/security/2017/dsa-3974 https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.