ID CVE-2013-4590
Summary Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
    cpe:2.3:a:apache:tomcat:8.0.0:rc1
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 2
    cpe:2.3:a:apache:tomcat:8.0.0:rc2
  • cpe:2.3:a:apache:tomcat:8.0.0:rc3
    cpe:2.3:a:apache:tomcat:8.0.0:rc3
  • cpe:2.3:a:apache:tomcat:8.0.0:rc4
    cpe:2.3:a:apache:tomcat:8.0.0:rc4
  • Apache Software Foundation Tomcat 8.0.0 release candidate 5
    cpe:2.3:a:apache:tomcat:8.0.0:rc5
  • cpe:2.3:a:apache:tomcat:8.0.0:rc6
    cpe:2.3:a:apache:tomcat:8.0.0:rc6
  • cpe:2.3:a:apache:tomcat:8.0.0:rc7
    cpe:2.3:a:apache:tomcat:8.0.0:rc7
  • cpe:2.3:a:apache:tomcat:8.0.0:rc8
    cpe:2.3:a:apache:tomcat:8.0.0:rc8
  • cpe:2.3:a:apache:tomcat:8.0.0:rc9
    cpe:2.3:a:apache:tomcat:8.0.0:rc9
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Apache Software Foundation Tomcat 1.1.3
    cpe:2.3:a:apache:tomcat:1.1.3
  • Apache Software Foundation Tomcat 3.0
    cpe:2.3:a:apache:tomcat:3.0
  • Apache Software Foundation Tomcat 3.1
    cpe:2.3:a:apache:tomcat:3.1
  • Apache Software Foundation Tomcat 3.1.1
    cpe:2.3:a:apache:tomcat:3.1.1
  • Apache Software Foundation Tomcat 3.2
    cpe:2.3:a:apache:tomcat:3.2
  • Apache Software Foundation Tomcat 3.2.1
    cpe:2.3:a:apache:tomcat:3.2.1
  • Apache Software Foundation Tomcat 3.2.2
    cpe:2.3:a:apache:tomcat:3.2.2
  • Apache Software Foundation Tomcat 3.2.2 Beta2
    cpe:2.3:a:apache:tomcat:3.2.2:beta2
  • Apache Software Foundation Tomcat 3.2.3
    cpe:2.3:a:apache:tomcat:3.2.3
  • Apache Software Foundation Tomcat 3.2.4
    cpe:2.3:a:apache:tomcat:3.2.4
  • Apache Software Foundation Tomcat 3.3
    cpe:2.3:a:apache:tomcat:3.3
  • Apache Software Foundation Tomcat 3.3.1
    cpe:2.3:a:apache:tomcat:3.3.1
  • Apache Software Foundation Tomcat 3.3.1a
    cpe:2.3:a:apache:tomcat:3.3.1a
  • Apache Software Foundation Tomcat 3.3.2
    cpe:2.3:a:apache:tomcat:3.3.2
  • Apache Software Foundation Tomcat 4
    cpe:2.3:a:apache:tomcat:4
  • Apache Software Foundation Tomcat 4.0.0
    cpe:2.3:a:apache:tomcat:4.0.0
  • Apache Software Foundation Tomcat 4.0.1
    cpe:2.3:a:apache:tomcat:4.0.1
  • Apache Software Foundation Tomcat 4.0.2
    cpe:2.3:a:apache:tomcat:4.0.2
  • Apache Software Foundation Tomcat 4.0.3
    cpe:2.3:a:apache:tomcat:4.0.3
  • Apache Software Foundation Tomcat 4.0.4
    cpe:2.3:a:apache:tomcat:4.0.4
  • Apache Software Foundation Tomcat 4.0.5
    cpe:2.3:a:apache:tomcat:4.0.5
  • Apache Software Foundation Tomcat 4.0.6
    cpe:2.3:a:apache:tomcat:4.0.6
  • Apache Software Foundation Tomcat 4.1.0
    cpe:2.3:a:apache:tomcat:4.1.0
  • Apache Software Foundation Tomcat 4.1.1
    cpe:2.3:a:apache:tomcat:4.1.1
  • Apache Software Foundation Tomcat 4.1.2
    cpe:2.3:a:apache:tomcat:4.1.2
  • Apache Software Foundation Tomcat 4.1.3
    cpe:2.3:a:apache:tomcat:4.1.3
  • Apache Software Foundation Tomcat 4.1.3 beta
    cpe:2.3:a:apache:tomcat:4.1.3:beta
  • Apache Software Foundation Tomcat 4.1.9 beta
    cpe:2.3:a:apache:tomcat:4.1.9:beta
  • Apache Software Foundation Tomcat 4.1.10
    cpe:2.3:a:apache:tomcat:4.1.10
  • Apache Software Foundation Tomcat 4.1.12
    cpe:2.3:a:apache:tomcat:4.1.12
  • Apache Software Foundation Tomcat 4.1.15
    cpe:2.3:a:apache:tomcat:4.1.15
  • Apache Software Foundation Tomcat 4.1.24
    cpe:2.3:a:apache:tomcat:4.1.24
  • Apache Software Foundation Tomcat 4.1.28
    cpe:2.3:a:apache:tomcat:4.1.28
  • Apache Software Foundation Tomcat 4.1.29
    cpe:2.3:a:apache:tomcat:4.1.29
  • Apache Software Foundation Tomcat 4.1.31
    cpe:2.3:a:apache:tomcat:4.1.31
  • Apache Software Foundation Tomcat 4.1.36
    cpe:2.3:a:apache:tomcat:4.1.36
  • Apache Software Foundation Tomcat 5
    cpe:2.3:a:apache:tomcat:5
  • Apache Software Foundation Tomcat 5.0.0
    cpe:2.3:a:apache:tomcat:5.0.0
  • Apache Software Foundation Tomcat 5.0.1
    cpe:2.3:a:apache:tomcat:5.0.1
  • Apache Software Foundation Tomcat 5.0.2
    cpe:2.3:a:apache:tomcat:5.0.2
  • Apache Software Foundation Tomcat 5.0.3
    cpe:2.3:a:apache:tomcat:5.0.3
  • Apache Software Foundation Tomcat 5.0.4
    cpe:2.3:a:apache:tomcat:5.0.4
  • Apache Software Foundation Tomcat 5.0.5
    cpe:2.3:a:apache:tomcat:5.0.5
  • Apache Software Foundation Tomcat 5.0.6
    cpe:2.3:a:apache:tomcat:5.0.6
  • Apache Software Foundation Tomcat 5.0.7
    cpe:2.3:a:apache:tomcat:5.0.7
  • Apache Software Foundation Tomcat 5.0.8
    cpe:2.3:a:apache:tomcat:5.0.8
  • Apache Software Foundation Tomcat 5.0.9
    cpe:2.3:a:apache:tomcat:5.0.9
  • Apache Software Foundation Tomcat 5.0.10
    cpe:2.3:a:apache:tomcat:5.0.10
  • Apache Software Foundation Tomcat 5.0.11
    cpe:2.3:a:apache:tomcat:5.0.11
  • Apache Software Foundation Tomcat 5.0.12
    cpe:2.3:a:apache:tomcat:5.0.12
  • Apache Software Foundation Tomcat 5.0.13
    cpe:2.3:a:apache:tomcat:5.0.13
  • Apache Software Foundation Tomcat 5.0.14
    cpe:2.3:a:apache:tomcat:5.0.14
  • Apache Software Foundation Tomcat 5.0.15
    cpe:2.3:a:apache:tomcat:5.0.15
  • Apache Software Foundation Tomcat 5.0.16
    cpe:2.3:a:apache:tomcat:5.0.16
  • Apache Software Foundation Tomcat 5.0.17
    cpe:2.3:a:apache:tomcat:5.0.17
  • Apache Software Foundation Tomcat 5.0.18
    cpe:2.3:a:apache:tomcat:5.0.18
  • Apache Software Foundation Tomcat 5.0.19
    cpe:2.3:a:apache:tomcat:5.0.19
  • Apache Software Foundation Tomcat 5.0.21
    cpe:2.3:a:apache:tomcat:5.0.21
  • Apache Software Foundation Tomcat 5.0.22
    cpe:2.3:a:apache:tomcat:5.0.22
  • Apache Software Foundation Tomcat 5.0.23
    cpe:2.3:a:apache:tomcat:5.0.23
  • Apache Software Foundation Tomcat 5.0.24
    cpe:2.3:a:apache:tomcat:5.0.24
  • Apache Software Foundation Tomcat 5.0.25
    cpe:2.3:a:apache:tomcat:5.0.25
  • Apache Software Foundation Tomcat 5.0.26
    cpe:2.3:a:apache:tomcat:5.0.26
  • Apache Software Foundation Tomcat 5.0.27
    cpe:2.3:a:apache:tomcat:5.0.27
  • Apache Software Foundation Tomcat 5.0.28
    cpe:2.3:a:apache:tomcat:5.0.28
  • Apache Software Foundation Tomcat 5.0.29
    cpe:2.3:a:apache:tomcat:5.0.29
  • Apache Software Foundation Tomcat 5.0.30
    cpe:2.3:a:apache:tomcat:5.0.30
  • Apache Software Foundation Tomcat 5.5.0
    cpe:2.3:a:apache:tomcat:5.5.0
  • Apache Software Foundation Tomcat 5.5.1
    cpe:2.3:a:apache:tomcat:5.5.1
  • Apache Software Foundation Tomcat 5.5.2
    cpe:2.3:a:apache:tomcat:5.5.2
  • Apache Software Foundation Tomcat 5.5.3
    cpe:2.3:a:apache:tomcat:5.5.3
  • Apache Software Foundation Tomcat 5.5.4
    cpe:2.3:a:apache:tomcat:5.5.4
  • Apache Software Foundation Tomcat 5.5.5
    cpe:2.3:a:apache:tomcat:5.5.5
  • Apache Software Foundation Tomcat 5.5.6
    cpe:2.3:a:apache:tomcat:5.5.6
  • Apache Software Foundation Tomcat 5.5.7
    cpe:2.3:a:apache:tomcat:5.5.7
  • Apache Software Foundation Tomcat 5.5.8
    cpe:2.3:a:apache:tomcat:5.5.8
  • Apache Software Foundation Tomcat 5.5.9
    cpe:2.3:a:apache:tomcat:5.5.9
  • Apache Software Foundation Tomcat 5.5.10
    cpe:2.3:a:apache:tomcat:5.5.10
  • Apache Software Foundation Tomcat 5.5.11
    cpe:2.3:a:apache:tomcat:5.5.11
  • Apache Software Foundation Tomcat 5.5.12
    cpe:2.3:a:apache:tomcat:5.5.12
  • Apache Software Foundation Tomcat 5.5.13
    cpe:2.3:a:apache:tomcat:5.5.13
  • Apache Software Foundation Tomcat 5.5.14
    cpe:2.3:a:apache:tomcat:5.5.14
  • Apache Software Foundation Tomcat 5.5.15
    cpe:2.3:a:apache:tomcat:5.5.15
  • Apache Software Foundation Tomcat 5.5.16
    cpe:2.3:a:apache:tomcat:5.5.16
  • Apache Software Foundation Tomcat 5.5.17
    cpe:2.3:a:apache:tomcat:5.5.17
  • Apache Software Foundation Tomcat 5.5.18
    cpe:2.3:a:apache:tomcat:5.5.18
  • Apache Software Foundation Tomcat 5.5.19
    cpe:2.3:a:apache:tomcat:5.5.19
  • Apache Software Foundation Tomcat 5.5.20
    cpe:2.3:a:apache:tomcat:5.5.20
  • Apache Software Foundation Tomcat 5.5.21
    cpe:2.3:a:apache:tomcat:5.5.21
  • Apache Software Foundation Tomcat 5.5.22
    cpe:2.3:a:apache:tomcat:5.5.22
  • Apache Software Foundation Tomcat 5.5.23
    cpe:2.3:a:apache:tomcat:5.5.23
  • Apache Software Foundation Tomcat 5.5.24
    cpe:2.3:a:apache:tomcat:5.5.24
  • Apache Software Foundation Tomcat 5.5.25
    cpe:2.3:a:apache:tomcat:5.5.25
  • Apache Software Foundation Tomcat 5.5.26
    cpe:2.3:a:apache:tomcat:5.5.26
  • Apache Software Foundation Tomcat 5.5.27
    cpe:2.3:a:apache:tomcat:5.5.27
  • Apache Software Foundation Tomcat 5.5.28
    cpe:2.3:a:apache:tomcat:5.5.28
  • Apache Software Foundation Tomcat 5.5.29
    cpe:2.3:a:apache:tomcat:5.5.29
  • Apache Software Foundation Tomcat 5.5.30
    cpe:2.3:a:apache:tomcat:5.5.30
  • Apache Software Foundation Tomcat 5.5.31
    cpe:2.3:a:apache:tomcat:5.5.31
  • Apache Software Foundation Tomcat 5.5.32
    cpe:2.3:a:apache:tomcat:5.5.32
  • Apache Software Foundation Tomcat 5.5.33
    cpe:2.3:a:apache:tomcat:5.5.33
  • Apache Software Foundation Tomcat 5.5.34
    cpe:2.3:a:apache:tomcat:5.5.34
  • Apache Software Foundation Tomcat 5.5.35
    cpe:2.3:a:apache:tomcat:5.5.35
  • Apache Software Foundation Tomcat 6
    cpe:2.3:a:apache:tomcat:6
  • Apache Software Foundation Tomcat 6.0
    cpe:2.3:a:apache:tomcat:6.0
  • Apache Software Foundation Tomcat 6.0.0
    cpe:2.3:a:apache:tomcat:6.0.0
  • Apache Software Foundation Tomcat 6.0.0 alpha
    cpe:2.3:a:apache:tomcat:6.0.0:alpha
  • Apache Software Foundation Tomcat 6.0.1
    cpe:2.3:a:apache:tomcat:6.0.1
  • Apache Software Foundation Tomcat 6.0.1 alpha
    cpe:2.3:a:apache:tomcat:6.0.1:alpha
  • Apache Software Foundation Tomcat 6.0.2
    cpe:2.3:a:apache:tomcat:6.0.2
  • Apache Software Foundation Tomcat 6.0.2 alpha
    cpe:2.3:a:apache:tomcat:6.0.2:alpha
  • Apache Software Foundation Tomcat 6.0.2 beta
    cpe:2.3:a:apache:tomcat:6.0.2:beta
  • Apache Software Foundation Tomcat 6.0.3
    cpe:2.3:a:apache:tomcat:6.0.3
  • Apache Software Foundation Tomcat 6.0.10
    cpe:2.3:a:apache:tomcat:6.0.10
  • Apache Software Foundation Tomcat 6.0.11
    cpe:2.3:a:apache:tomcat:6.0.11
  • Apache Software Foundation Tomcat 6.0.12
    cpe:2.3:a:apache:tomcat:6.0.12
  • Apache Software Foundation Tomcat 6.0.13
    cpe:2.3:a:apache:tomcat:6.0.13
  • Apache Software Foundation Tomcat 6.0.14
    cpe:2.3:a:apache:tomcat:6.0.14
  • Apache Software Foundation Tomcat 6.0.15
    cpe:2.3:a:apache:tomcat:6.0.15
  • Apache Software Foundation Tomcat 6.0.16
    cpe:2.3:a:apache:tomcat:6.0.16
  • Apache Software Foundation Tomcat 6.0.17
    cpe:2.3:a:apache:tomcat:6.0.17
  • Apache Software Foundation Tomcat 6.0.18
    cpe:2.3:a:apache:tomcat:6.0.18
  • Apache Software Foundation Tomcat 6.0.19
    cpe:2.3:a:apache:tomcat:6.0.19
  • Apache Software Foundation Tomcat 6.0.20
    cpe:2.3:a:apache:tomcat:6.0.20
  • Apache Software Foundation Tomcat 6.0.24
    cpe:2.3:a:apache:tomcat:6.0.24
  • Apache Software Foundation Tomcat 6.0.26
    cpe:2.3:a:apache:tomcat:6.0.26
  • Apache Software Foundation Tomcat 6.0.27
    cpe:2.3:a:apache:tomcat:6.0.27
  • Apache Software Foundation Tomcat 6.0.28
    cpe:2.3:a:apache:tomcat:6.0.28
  • Apache Software Foundation Tomcat 6.0.29
    cpe:2.3:a:apache:tomcat:6.0.29
  • Apache Software Foundation Tomcat 6.0.30
    cpe:2.3:a:apache:tomcat:6.0.30
  • Apache Software Foundation Tomcat 6.0.31
    cpe:2.3:a:apache:tomcat:6.0.31
  • Apache Software Foundation Tomcat 6.0.32
    cpe:2.3:a:apache:tomcat:6.0.32
  • Apache Software Foundation Tomcat 6.0.33
    cpe:2.3:a:apache:tomcat:6.0.33
  • Apache Software Foundation Tomcat 6.0.35
    cpe:2.3:a:apache:tomcat:6.0.35
  • Apache Software Foundation Tomcat 6.0.36
    cpe:2.3:a:apache:tomcat:6.0.36
  • Apache Software Foundation Tomcat 6.0.37
    cpe:2.3:a:apache:tomcat:6.0.37
  • Apache Software Foundation Tomcat 7.0.0
    cpe:2.3:a:apache:tomcat:7.0.0
  • Apache Software Foundation Tomcat 7.0.0 beta
    cpe:2.3:a:apache:tomcat:7.0.0:beta
  • Apache Software Foundation Tomcat 7.0.1
    cpe:2.3:a:apache:tomcat:7.0.1
  • Apache Software Foundation Tomcat 7.0.2
    cpe:2.3:a:apache:tomcat:7.0.2
  • Apache Software Foundation Tomcat 7.0.2 beta
    cpe:2.3:a:apache:tomcat:7.0.2:beta
  • Apache Software Foundation Tomcat 7.0.3
    cpe:2.3:a:apache:tomcat:7.0.3
  • Apache Software Foundation Tomcat 7.0.4
    cpe:2.3:a:apache:tomcat:7.0.4
  • Apache Software Foundation Tomcat 7.0.4 beta
    cpe:2.3:a:apache:tomcat:7.0.4:beta
  • Apache Software Foundation Tomcat 7.0.10
    cpe:2.3:a:apache:tomcat:7.0.10
  • Apache Software Foundation Tomcat 7.0.11
    cpe:2.3:a:apache:tomcat:7.0.11
  • Apache Software Foundation Tomcat 7.0.12
    cpe:2.3:a:apache:tomcat:7.0.12
  • Apache Software Foundation Tomcat 7.0.13
    cpe:2.3:a:apache:tomcat:7.0.13
  • Apache Software Foundation Tomcat 7.0.14
    cpe:2.3:a:apache:tomcat:7.0.14
  • Apache Software Foundation Tomcat 7.0.15
    cpe:2.3:a:apache:tomcat:7.0.15
  • Apache Software Foundation Tomcat 7.0.16
    cpe:2.3:a:apache:tomcat:7.0.16
  • Apache Software Foundation Tomcat 7.0.17
    cpe:2.3:a:apache:tomcat:7.0.17
  • Apache Software Foundation Tomcat 7.0.18
    cpe:2.3:a:apache:tomcat:7.0.18
  • Apache Software Foundation Tomcat 7.0.19
    cpe:2.3:a:apache:tomcat:7.0.19
  • Apache Software Foundation Tomcat 7.0.20
    cpe:2.3:a:apache:tomcat:7.0.20
  • Apache Software Foundation Tomcat 7.0.21
    cpe:2.3:a:apache:tomcat:7.0.21
  • Apache Software Foundation Tomcat 7.0.22
    cpe:2.3:a:apache:tomcat:7.0.22
  • Apache Software Foundation Tomcat 7.0.23
    cpe:2.3:a:apache:tomcat:7.0.23
  • Apache Software Foundation Tomcat 7.0.24
    cpe:2.3:a:apache:tomcat:7.0.24
  • Apache Software Foundation Tomcat 7.0.25
    cpe:2.3:a:apache:tomcat:7.0.25
  • Apache Software Foundation Tomcat 7.0.26
    cpe:2.3:a:apache:tomcat:7.0.26
  • Apache Software Foundation Tomcat 7.0.27
    cpe:2.3:a:apache:tomcat:7.0.27
  • Apache Software Foundation Tomcat 7.0.28
    cpe:2.3:a:apache:tomcat:7.0.28
  • Apache Software Foundation Tomcat 7.0.29
    cpe:2.3:a:apache:tomcat:7.0.29
  • Apache Software Foundation Tomcat 7.0.30
    cpe:2.3:a:apache:tomcat:7.0.30
  • Apache Software Foundation Tomcat 7.0.31
    cpe:2.3:a:apache:tomcat:7.0.31
  • Apache Software Foundation Tomcat 7.0.32
    cpe:2.3:a:apache:tomcat:7.0.32
  • Apache Software Foundation Tomcat 7.0.33
    cpe:2.3:a:apache:tomcat:7.0.33
  • Apache Software Foundation Tomcat 7.0.34
    cpe:2.3:a:apache:tomcat:7.0.34
  • Apache Software Foundation Tomcat 7.0.35
    cpe:2.3:a:apache:tomcat:7.0.35
  • Apache Software Foundation Tomcat 7.0.36
    cpe:2.3:a:apache:tomcat:7.0.36
  • Apache Software Foundation Tomcat 7.0.37
    cpe:2.3:a:apache:tomcat:7.0.37
  • Apache Software Foundation Tomcat 7.0.38
    cpe:2.3:a:apache:tomcat:7.0.38
  • Apache Software Foundation Tomcat 7.0.39
    cpe:2.3:a:apache:tomcat:7.0.39
  • Apache Software Foundation Tomcat 7.0.40
    cpe:2.3:a:apache:tomcat:7.0.40
  • Apache Software Foundation Tomcat 7.0.41
    cpe:2.3:a:apache:tomcat:7.0.41
  • Apache Software Foundation Tomcat 7.0.42
    cpe:2.3:a:apache:tomcat:7.0.42
  • Apache Software Foundation Tomcat 7.0.43
    cpe:2.3:a:apache:tomcat:7.0.43
  • Apache Software Foundation Tomcat 7.0.44
    cpe:2.3:a:apache:tomcat:7.0.44
  • Apache Software Foundation Tomcat 7.0.45
    cpe:2.3:a:apache:tomcat:7.0.45
  • Apache Software Foundation Tomcat 7.0.46
    cpe:2.3:a:apache:tomcat:7.0.46
  • Apache Software Foundation Tomcat 7.0.50
    cpe:2.3:a:apache:tomcat:7.0.50
  • Oracle Solaris 11.2
    cpe:2.3:o:oracle:solaris:11.2
CVSS
Base: 4.3 (as of 18-11-2016 - 10:47)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11048.NASL
    description - Updated to 7.0.52 - Create and own %{_localstatedir}/lib/tomcats, resolves: rhbz#1026741 - Add pom for tomcat-jdbc, resolves: rhbz#1011003 - Substitute libnames in catalina-tasks.xml, resolves: rhbz#1126439 - Use CATALINA_OPTS only on start, resolves: rhbz#1051194 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 77928
    published 2014-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77928
    title Fedora 20 : tomcat-7.0.52-1.fc20 (2014-11048)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2014-0008.NASL
    description a. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue. b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates tc-server has been updated to version 2.9.5 to address multiple security issues. This version of tc-server includes Apache Tomcat 7.0.52. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050 to these issues. c. Update to ESXi glibc package glibc is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to these issues. d. vCenter and Update Manager, Oracle JRE 1.7 Update 55 Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014. The References section provides a link to this advisory.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 77630
    published 2014-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77630
    title VMSA-2014-0008 : VMware vSphere product updates to third-party libraries
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-29.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-29 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-06-29
    plugin id 79982
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79982
    title GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities
  • NASL family Web Servers
    NASL id TOMCAT_7_0_50.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 7.0.x listening on the remote host is prior to 7.0.50. It is, therefore, affected by the following vulnerabilities : - The fix for CVE-2012-3544 was not complete and limits are not properly applied to chunk extensions and whitespaces in certain trailing headers. This error could allow denial of service attacks. (CVE-2013-4322) - The application allows XML External Entity (XXE) processing that could disclose sensitive information. (CVE-2013-4590) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2018-08-01
    plugin id 72691
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72691
    title Apache Tomcat 7.0.x < 7.0.50 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3530.NASL
    description Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 90205
    published 2016-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90205
    title Debian DSA-3530-1 : tomcat6 - security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140811_TOMCAT6_ON_SL6_X.NASL
    description It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance. (CVE-2014-0119) Tomcat must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-12-28
    plugin id 77144
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77144
    title Scientific Linux Security Update : tomcat6 on SL6.x (noarch)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1088.NASL
    description Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Tomcat instance. (CVE-2014-0119) All users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The JBoss server process must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 77357
    published 2014-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77357
    title RHEL 5 : JBoss Web Server (RHSA-2014:1088)
  • NASL family Web Servers
    NASL id TOMCAT_6_0_39.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.39. It is, therefore, affected by the following vulnerabilities : - The version of Java used to build the application generates Javadoc containing a frame injection error. (CVE-2013-1571) - The fix for CVE-2005-2090 was not complete and the application does not reject requests with multiple Content-Length HTTP headers or with Content-Length HTTP headers when using chunked encoding. (CVE-2013-4286) - The fix for CVE-2012-3544 was not complete and limits are not properly applied to chunk extensions and whitespaces in certain trailing headers. This error allows denial of service attacks. (CVE-2013-4322) - The application allows XML External Entity (XXE) processing that discloses sensitive information. (CVE-2013-4590) - An error exists related to the 'disableURLRewriting' configuration option and session IDs. (CVE-2014-0033) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2018-09-17
    plugin id 72690
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72690
    title Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities
  • NASL family Misc.
    NASL id VMWARE_VCENTER_VMSA-2014-0008.NASL
    description The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - The bundled version of Apache Struts contains a code execution flaw. Note that 5.0 Update 3c only addresses this vulnerability. (CVE-2014-0114) - The bundled tc-server / Apache Tomcat contains multiple vulnerabilities. (CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050) - The bundled version of Oracle JRE is prior to 1.7.0_55 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.5 of vCenter.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 77728
    published 2014-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77728
    title VMware Security Updates for vCenter Server (VMSA-2014-0008)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1038.NASL
    description From Red Hat Security Advisory 2014:1038 : Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance. (CVE-2014-0119) All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2015-12-01
    plugin id 77137
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77137
    title Oracle Linux 6 : tomcat6 (ELSA-2014-1038)
  • NASL family Web Servers
    NASL id TOMCAT_8_0_0_RC10.NASL
    description According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 8.0.0-RC10. It is, therefore, affected by multiple vulnerabilities: - The fix for CVE-2012-3544 was not complete and limits are not properly applied to chunk extensions and whitespaces in certain trailing headers. This error could allow denial of service attacks. (CVE-2013-4322) - The application allows XML External Entity (XXE) processing that could disclose sensitive information. (CVE-2013-4590) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-01-16
    modified 2019-01-11
    plugin id 121122
    published 2019-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121122
    title Apache Tomcat < 8.0.0-RC10 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1087.NASL
    description Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes. The following security issues are also fixed with this release : A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user. (CVE-2014-0226) A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. (CVE-2014-0118) A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231) It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Tomcat instance. (CVE-2014-0119) All users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.0. The JBoss server process must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 77356
    published 2014-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77356
    title RHEL 6 : JBoss Web Server (RHSA-2014:1087)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1038.NASL
    description Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance. (CVE-2014-0119) All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 77141
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77141
    title RHEL 6 : tomcat6 (RHSA-2014:1038)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_TOMCAT_20140522.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. (CVE-2012-3544) - Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. (CVE-2013-1571) - Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a 'Transfer-Encoding: chunked' header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. (CVE-2013-4286) - Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. (CVE-2013-4322) - Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain 'Tomcat internals' information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. (CVE-2013-4590) - org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL. (CVE-2014-0033)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 80793
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80793
    title Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-084.NASL
    description Updated tomcat package fixes security vulnerabilities : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050). Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322). Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075). java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099). Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119). In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 82337
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82337
    title Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1038.NASL
    description Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance. (CVE-2014-0119) All Tomcat users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 77121
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77121
    title CentOS 6 : tomcat6 (CESA-2014:1038)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-052.NASL
    description Updated tomcat packages fix security vulnerabilities : Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a Transfer-Encoding: chunked header (CVE-2013-4286). Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322). Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075). java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099). Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119). In Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 81935
    published 2015-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81935
    title Mandriva Linux Security Advisory : tomcat (MDVSA-2015:052)
redhat via4
rpms
  • tomcat6-0:6.0.24-78.el6_5
  • tomcat6-admin-webapps-0:6.0.24-78.el6_5
  • tomcat6-docs-webapp-0:6.0.24-78.el6_5
  • tomcat6-el-2.1-api-0:6.0.24-78.el6_5
  • tomcat6-javadoc-0:6.0.24-78.el6_5
  • tomcat6-jsp-2.1-api-0:6.0.24-78.el6_5
  • tomcat6-lib-0:6.0.24-78.el6_5
  • tomcat6-servlet-2.5-api-0:6.0.24-78.el6_5
  • tomcat6-webapps-0:6.0.24-78.el6_5
refmap via4
bid 65768
confirm
debian DSA-3530
hp HPSBOV03503
mandriva
  • MDVSA-2015:052
  • MDVSA-2015:084
secunia
  • 59036
  • 59722
  • 59724
  • 59873
vmware via4
description tc-server has been updated to version 2.9.5 to address multiple security issues. This version of tc-server includes Apache Tomcat 7.0.52.
id VMSA-2014-0008
last_updated 2014-09-09T00:00:00
published 2014-09-09T00:00:00
title vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates
workaround None
Last major update 06-01-2017 - 21:59
Published 26-02-2014 - 09:55
Last modified 14-11-2017 - 21:29
Back to Top