ID CVE-2005-2090
Summary Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
Vulnerable Configurations
  • Apache Software Foundation Coyote 1.0
    cpe:2.3:a:apache:coyote_http_connector:1.0
  • Apache Software Foundation Coyote 1.1
    cpe:2.3:a:apache:coyote_http_connector:1.1
  • Apache Software Foundation Tomcat 4.1.24
    cpe:2.3:a:apache:tomcat:4.1.24
  • Apache Software Foundation Tomcat 5.0.19
    cpe:2.3:a:apache:tomcat:5.0.19
CVSS
Base: 4.3 (as of 05-07-2005 - 14:54)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12078.NASL
    description Fixed various issues in tomcat : - mod_jk directory traversal. (CVE-2007-1860) - Handling of cookies containing a ' character. (CVE-2007-3382) - Handling of a double-quote character in cookies. (CVE-2007-3385) - tomcat path traversal / information leak. (CVE-2007-5641) - tomcat HTTP Request Smuggling. (CVE-2005-2090) - tomcat https information disclosure. (CVE-2008-0128)
    last seen 2018-09-01
    modified 2016-12-21
    plugin id 41198
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41198
    title SuSE9 Security Update : Tomcat (YOU Patch Number 12078)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TOMCAT5-4990.NASL
    description - Cross-site scripting (XSS) vulnerability in example JSP applications. (CVE-2006-7196) - Handling of cookies containing a ' character. (CVE-2007-3382) - Handling of \' in cookies. (CVE-2007-3385) - tomcat path traversal / information leak. (CVE-2007-5641) - directory traversal. (CVE-2007-1860) - tomcat https information disclosure. (CVE-2008-0128) - tomcat HTTP Request Smuggling. (CVE-2005-2090)
    last seen 2018-09-02
    modified 2016-12-22
    plugin id 31298
    published 2008-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31298
    title SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0002.NASL
    description Updated VirtualCenter fixes the following application vulnerabilities a. Tomcat Server Security Update This release of VirtualCenter Server updates the Tomcat Server package from 5.5.17 to 5.5.25, which addresses multiple security issues that existed in the earlier releases of Tomcat Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to these issues. b. JRE Security Update This release of VirtualCenter Server updates the JRE package from 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in the earlier release of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3004 to this issue. NOTE: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.
    last seen 2018-09-02
    modified 2018-08-06
    plugin id 40373
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40373
    title VMSA-2008-0002 : Low severity security update for VirtualCenter and ESX
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_872623AF39EC11DCB8CC000FEA449B8A.NASL
    description Apache Project reports : The Apache Tomcat team is proud to announce the immediate availability of Tomcat 4.1.36 stable. This build contains numerous library updates, a small number of bug fixes and two important security fixes.
    last seen 2018-09-01
    modified 2016-12-08
    plugin id 25784
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25784
    title FreeBSD : tomcat -- multiple vulnerabilities (872623af-39ec-11dc-b8cc-000fea449b8a)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0261.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. 
    (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2018-09-01
    modified 2018-07-27
    plugin id 43835
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43835
    title RHEL 4 : Satellite Server (RHSA-2008:0261)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_JK-4992.NASL
    description Fixed various issues in tomcat : - CVE-2006-7196: Cross-site scripting (XSS) vulnerability in example JSP applications - CVE-2007-3382: Handling of cookies containing a ' character - CVE-2007-3385: Handling of \' in cookies - CVE-2007-5641: tomcat path traversal / information leak - CVE-2007-1860: directory traversal - CVE-2008-0128: tomcat https information disclosure - CVE-2005-2090: tomcat HTTP Request Smuggling
    last seen 2018-09-02
    modified 2018-07-19
    plugin id 31319
    published 2008-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31319
    title openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4992)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0327.NASL
    description Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) The implict-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195) Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues. Updated jakarta-commons-modeler packages are also included which correct a bug when used with Tomcat 5.5.23.
    last seen 2018-09-02
    modified 2018-06-27
    plugin id 25223
    published 2007-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25223
    title CentOS 5 : tomcat (CESA-2007:0327)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1069.NASL
    description Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. It was reported Tomcat did not properly handle the following character sequence in a cookie: \' (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385). Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382). The default Tomcat configuration permitted the use of insecure SSL cipher suites including the anonymous cipher suite. (CVE-2007-1858) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) Directory listings were enabled by default in Tomcat. Information stored unprotected under the document root was visible to anyone if the administrator did not disable directory listings. (CVE-2006-3835) It was found that generating listings of large directories was CPU intensive. An attacker could make repeated requests to obtain a directory listing of any large directory, leading to a denial of service. (CVE-2005-3510) Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. 
    (CVE-2005-2090) Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues, and add the tyrex and jakarta-commons-pool packages which are required dependencies of the new Tomcat version.
    last seen 2018-09-01
    modified 2016-12-29
    plugin id 43834
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43834
    title RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070717_TOMCAT_ON_SL5_X.NASL
    description Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449). Note: it is recommended the 'examples' web application not be installed on a production system. The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450). Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) The implict-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195)
    last seen 2018-09-01
    modified 2016-12-14
    plugin id 60227
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60227
    title Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0343.NASL
    description Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.2 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286) It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted. (CVE-2014-0093) The CVE-2014-0093 issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team. This release serves as an update for Red Hat JBoss Enterprise Application Platform 6.2, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.2.2 Release Notes, linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.2 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. 
    The JBoss server process must be restarted for the update to take effect.
    last seen 2018-09-01
    modified 2018-07-26
    plugin id 73283
    published 2014-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73283
    title RHEL 5 : JBoss EAP (RHSA-2014:0343)
  • NASL family Web Servers
    NASL id TOMCAT_5_5_23.NASL
    description According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is 5.0.x equal to or prior to 5.0.30 or 5.5.x prior to 5.5.23. It is, therefore, affected by an HTTP request smuggling vulnerability. Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow web-cache poisoning, cross-site scripting attacks and information disclosure. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2018-09-02
    modified 2018-08-01
    plugin id 17727
    published 2011-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17727
    title Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0327.NASL
    description From Red Hat Security Advisory 2007:0327 : Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) The implict-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195) Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues. Updated jakarta-commons-modeler packages are also included which correct a bug when used with Tomcat 5.5.23.
    last seen 2018-09-02
    modified 2018-07-18
    plugin id 67487
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67487
    title Oracle Linux 5 : tomcat (ELSA-2007-0327)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0327.NASL
    description Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090) Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450) The implict-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195) Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues. Updated jakarta-commons-modeler packages are also included which correct a bug when used with Tomcat 5.5.23.
    last seen 2018-09-02
    modified 2018-07-25
    plugin id 25329
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25329
    title RHEL 5 : tomcat (RHSA-2007:0327)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-007.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs : - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP - Quartz Composer - Samba - SquirrelMail - Tomcat - WebCore - WebKit
    last seen 2018-09-01
    modified 2018-07-14
    plugin id 25830
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25830
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
  • NASL family Web Servers
    NASL id TOMCAT_6_0_13.NASL
    description According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.13. It is, therefore, affected by the following vulnerabilities : - Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow web-cache poisoning, cross-site scripting attacks and information disclosure. (CVE-2005-2090) - The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP and Servlet examples are enabled. Several of these examples do not properly validate user input. (CVE-2007-1355) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-08-01
    plugin id 17728
    published 2011-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17728
    title Apache Tomcat < 6.0.13 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0524.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2018-09-01
    modified 2018-08-09
    plugin id 43837
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43837
    title RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0344.NASL
    description Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.2 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests. (CVE-2013-4286) It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted. (CVE-2014-0093) The CVE-2014-0093 issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team. This release serves as an update for Red Hat JBoss Enterprise Application Platform 6.2, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.2.2 Release Notes, linked to in the References. All users of Red Hat JBoss Enterprise Application Platform 6.2 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. 
    The JBoss server process must be restarted for the update to take effect.
    last seen 2018-09-01
    modified 2018-07-26
    plugin id 73284
    published 2014-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73284
    title RHEL 6 : JBoss EAP (RHSA-2014:0344)
  • NASL family Web Servers
    NASL id TOMCAT_4_1_36.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.36. It is, therefore, affected by the following vulnerabilities : - Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow web-cache poisoning, cross-site scripting attacks and information disclosure. (CVE-2005-2090) - An input sanitization error exists that can allow disclosure of sensitive information via directory traversal. This vulnerability is exposed when the server is configured to use the 'Proxy' module. (CVE-2007-0450) - 'Accept-Language' headers are not validated properly, which can allow cross-site scripting attacks. (CVE-2007-1358) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-08-01
    plugin id 17726
    published 2011-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17726
    title Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities
oval via4
accepted 2013-04-29T04:06:11.064-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
family unix
id oval:org.mitre.oval:def:10499
status accepted
submitted 2010-07-09T03:56:16-04:00
title Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
version 17
redhat via4
advisories
  • rhsa
    id RHSA-2007:0327
  • rhsa
    id RHSA-2007:0360
  • rhsa
    id RHSA-2008:0261
rpms
  • tomcat5-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-admin-webapps-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-common-lib-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-jasper-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-server-lib-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.1.0.3.el5
  • tomcat5-webapps-0:5.5.23-0jpp.1.0.3.el5
  • jakarta-commons-modeler-0:1.1-8jpp.1.0.2.el5
  • jakarta-commons-modeler-javadoc-0:1.1-8jpp.1.0.2.el5
refmap via4
apple APPLE-SA-2007-07-31
bid
  • 13873
  • 25159
bugtraq
  • 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
  • 20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
  • 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
  • 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
confirm
hp
  • HPSBUX02262
  • SSRT071447
misc
mlist [Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
sectrack 1014365
secunia
  • 26235
  • 26660
  • 27037
  • 28365
  • 29242
  • 30899
  • 30908
  • 33668
sunalert 239312
suse SUSE-SR:2008:005
vupen
  • ADV-2007-2732
  • ADV-2007-3087
  • ADV-2007-3386
  • ADV-2008-0065
  • ADV-2008-1979
  • ADV-2009-0233
Last major update 07-03-2011 - 21:23
Published 05-07-2005 - 00:00
Last modified 10-10-2017 - 21:30