Vulnerability CVE-2013-4590 - CERT Civis.Net

Vulnerability Name:

CVE-2013-4590 (CCN-91424)

Assigned:

2013-06-12

Published:

2014-02-25

Updated:

2019-04-15

Summary:

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

1.2 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
0.9 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200
CWE-611

Vulnerability Consequences:

Obtain Information

References:

Source: CONFIRM
Type: Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0148.html

Source: MITRE
Type: CNA
CVE-2013-4590

Source: HP
Type: Mailing List
HPSBOV03503

Source: CCN
Type: RHSA-2014-1038
Low: tomcat6 security update

Source: CCN
Type: RHSA-2014-1087
Important: Red Hat JBoss Web Server 2.1.0 update

Source: CCN
Type: RHSA-2014-1088
Important: Red Hat JBoss Web Server 2.1.0 update

Source: CCN
Type: Bugtraq Mailing List: Tue, 25 Feb 2014
[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications

Source: SECUNIA
Type: Permissions Required, Third Party Advisory
59036

Source: SECUNIA
Type: Permissions Required, Third Party Advisory
59722

Source: SECUNIA
Type: Permissions Required, Third Party Advisory
59724

Source: SECUNIA
Type: Permissions Required, Third Party Advisory
59873

Source: CONFIRM
Type: Issue Tracking
http://svn.apache.org/viewvc?view=revision&revision=1549528

Source: CONFIRM
Type: Issue Tracking
http://svn.apache.org/viewvc?view=revision&revision=1549529

Source: CONFIRM
Type: Issue Tracking
http://svn.apache.org/viewvc?view=revision&revision=1558828

Source: CCN
Type: Apache Web site
Tomcat

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-6.html

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-7.html

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-8.html

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21667883

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21675886

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677147

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Source: DEBIAN
Type: Third Party Advisory
DSA-3530

Source: CCN
Type: IBM Security Bulletin 1667883
Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1669383
Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1672321
Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Release (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1673072
Rational Directory Server could be affected by vulnerabilities in Apache Tomcat server (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, and CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1675006
Multiple Apache Tomcat vulnerabilities in IBM Algo Audit and Compliance (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033)

Source: CCN
Type: IBM Security Bulletin 1675886
IBM Rational Connector for SAP Solution Manager (CVE-2013-4286 CVE-2014-0033 CVE-2013-4322 CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1676186
Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1676983
Security vulnerabilities in Apache Tomcat in Rational DOORS Web Access

Source: CCN
Type: IBM Security Bulletin 1677147
Multiple vulnerabilities in Apache Tomcat used by IBM QRadar Security Information and Event Manager 7.1 MR2, and 7.2 MR2. (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1677448
IBM OpenPages GRC Platform, multiple vulnerabilities in bundled version of Apache Tomcat

Source: CCN
Type: IBM Security Bulletin 1678231
Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

Source: CCN
Type: IBM Security Bulletin 1678892
Tivoli Application Dependency Discovery Manager - Open Source Tomcat issues reported between March - May 2014.

Source: CCN
Type: IBM Security Bulletin 1679568
Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

Source: CCN
Type: IBM Security Bulletin 1680754
Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)

Source: CCN
Type: IBM Security Bulletin 1687761
IBM Algo One is affected by multiple Open Source Tomcat security vulnerabilities (CVE-2013-4444, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

Source: CCN
Type: IBM Security Bulletin 1691579
Vulnerabilities in tomcat affect SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2013-4590, CVE-2014-0119)

Source: MANDRIVA
Type: Third Party Advisory
MDVSA-2015:052

Source: MANDRIVA
Type: Third Party Advisory
MDVSA-2015:084

Source: CCN
Type: Oracle CPUOct2016
Oracle Critical Patch Update Advisory - October 2016

Source: CONFIRM
Type: Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Source: BID
Type: Third Party Advisory, VDB Entry
65768

Source: CCN
Type: BID-65768
Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2014-0008.html

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1069911

Source: XF
Type: UNKNOWN
tomcat-cve20134590-info-disc(91424)

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/

Source: MLIST
Type: UNKNOWN
[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/

Source: CCN
Type: IBM Security Bulletin 6496741 (Sterling B2B Integrator)
Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Source: CCN
Type: IBM Security Bulletin 6595755 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6858013 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4590

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc4:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc6:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc7:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc8:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc9:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:apache:tomcat:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.2.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:3.3.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:4.1.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:5.5.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version <= 6.0.37)

Configuration 4:

cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:oracle:solaris:11.2:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:tomcat:7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_provisioning:2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:algo_audit_and_compliance:2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode:6.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.0.4:-:community:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_connector:4:*:*:*:sap_solution_manager:*:*:*

OR cpe:/a:ibm:openpages_grc_platform:6.0.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:openpages_grc_platform:6.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.0.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:1.4.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:1.4.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_doors_web_access:9.6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.cisecurity:def:585	P	DSA-3530-1 -- tomcat6 -- security update	2016-07-01
oval:org.mitre.oval:def:27228	P	ELSA-2014-1038 -- tomcat6 security update (low)	2014-12-15
oval:org.mitre.oval:def:26374	P	RHSA-2014:1038: tomcat6 security update (Low)	2014-10-13
oval:com.redhat.rhsa:def:20141038	P	RHSA-2014:1038: tomcat6 security update (Low)	2014-08-11
oval:com.ubuntu.bionic:def:201345900000000	V	CVE-2013-4590 on Ubuntu 18.04 LTS (bionic) - low.	2014-02-26
oval:com.ubuntu.precise:def:20134590000	V	CVE-2013-4590 on Ubuntu 12.04 LTS (precise) - low.	2014-02-26
oval:com.ubuntu.artful:def:20134590000	V	CVE-2013-4590 on Ubuntu 17.10 (artful) - low.	2014-02-26
oval:com.ubuntu.xenial:def:201345900000000	V	CVE-2013-4590 on Ubuntu 16.04 LTS (xenial) - low.	2014-02-26
oval:com.ubuntu.trusty:def:20134590000	V	CVE-2013-4590 on Ubuntu 14.04 LTS (trusty) - low.	2014-02-26
oval:com.ubuntu.bionic:def:20134590000	V	CVE-2013-4590 on Ubuntu 18.04 LTS (bionic) - low.	2014-02-26
oval:com.ubuntu.xenial:def:20134590000	V	CVE-2013-4590 on Ubuntu 16.04 LTS (xenial) - low.	2014-02-26
oval:com.ubuntu.cosmic:def:201345900000000	V	CVE-2013-4590 on Ubuntu 18.10 (cosmic) - low.	2014-02-26
oval:com.ubuntu.cosmic:def:20134590000	V	CVE-2013-4590 on Ubuntu 18.10 (cosmic) - low.	2014-02-26