| nessus
via4
|
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0455.NASL | | description | An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement
for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es) :
* It was reported that the Tomcat init script performed unsafe file
handling, which could result in local privilege escalation.
(CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain
configuration files read by the Tomcat initialization script as
writeable to the tomcat group. A member of the group or a malicious
web application deployed on Tomcat could use this flaw to escalate
their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of
Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only
included in EWS 2.x and JWS 3.x source distributions. If you deploy a
Tomcat instance built from source, using the EWS 2.x, or JWS 3.x
distributions, an attacker could use this flaw to launch a remote code
execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons
FileUpload that occurred when the length of the multipart boundary was
just below the size of the buffer (4096 bytes) used to read the
uploaded file if the boundary was the typical tens of bytes long.
(CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if
the supplied user name did not exist. This made a timing attack
possible to determine valid user names. Note that the default
configuration includes the LockOutRealm which makes exploitation of
this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a
configured SecurityManager via a Tomcat utility method that was
accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's
system property replacement feature for configuration files could be
used by a malicious web application to bypass the SecurityManager and
read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a
configured SecurityManager via manipulation of the configuration
parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to
access any global JNDI resource whether an explicit ResourceLink had
been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s) :
This enhancement update adds the Red Hat JBoss Web Server 3.1.0
packages to Red Hat Enterprise Linux 6. These packages provide a
number of enhancements over the previous version of Red Hat JBoss Web
Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these
updated packages, which add this enhancement. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 97595 | | published | 2017-03-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97595 | | title | RHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0456.NASL | | description | An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement
for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es) :
* It was reported that the Tomcat init script performed unsafe file
handling, which could result in local privilege escalation.
(CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain
configuration files read by the Tomcat initialization script as
writeable to the tomcat group. A member of the group or a malicious
web application deployed on Tomcat could use this flaw to escalate
their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of
Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only
included in EWS 2.x and JWS 3.x source distributions. If you deploy a
Tomcat instance built from source, using the EWS 2.x, or JWS 3.x
distributions, an attacker could use this flaw to launch a remote code
execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons
FileUpload that occurred when the length of the multipart boundary was
just below the size of the buffer (4096 bytes) used to read the
uploaded file if the boundary was the typical tens of bytes long.
(CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if
the supplied user name did not exist. This made a timing attack
possible to determine valid user names. Note that the default
configuration includes the LockOutRealm which makes exploitation of
this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a
configured SecurityManager via a Tomcat utility method that was
accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's
system property replacement feature for configuration files could be
used by a malicious web application to bypass the SecurityManager and
read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a
configured SecurityManager via manipulation of the configuration
parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to
access any global JNDI resource whether an explicit ResourceLink had
been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s) :
* This enhancement update adds the Red Hat JBoss Web Server 3.1.0
packages to Red Hat Enterprise Linux 7. These packages provide a
number of enhancements over the previous version of Red Hat JBoss Web
Server. (JIRA#JWS-268) | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 97596 | | published | 2017-03-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97596 | | title | RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-586.NASL | | description | This update for tomcat fixes the following issues :
- CVE-2017-5647 Pipelined requests could lead to
information disclosure (bsc#1033448)
- CVE-2017-5648 Untrusted application could retain
listener leading to information disclosure (bsc#1033447)
- CVE-2016-8745 shared Processor on Connector code could
lead to information disclosure (bsc#1015119)
This update was imported from the SUSE:SLE-12-SP1:Update and
SUSE:SLE-12-SP2:Update update projects. | | last seen | 2019-01-16 | | modified | 2018-01-26 | | plugin id | 100204 | | published | 2017-05-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=100204 | | title | openSUSE Security Update : tomcat (openSUSE-2017-586) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201705-09.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201705-09
(Apache Tomcat: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Tomcat. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker may be able to cause a Denial of Service condition,
obtain sensitive information, bypass protection mechanisms and
authentication restrictions.
A local attacker, who is a tomcat’s system user or belongs to
tomcat’s group, could potentially escalate privileges.
Workaround :
There is no known workaround at this time. | | last seen | 2019-01-16 | | modified | 2018-01-26 | | plugin id | 100262 | | published | 2017-05-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=100262 | | title | GLSA-201705-09 : Apache Tomcat: Multiple vulnerabilities |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-3177-2.NASL | | description | USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a
regression in environments where Tomcat is started with a security
manager. This update fixes the problem.
We apologize for the inconvenience.
It was discovered that the Tomcat realm implementations incorrectly
handled passwords when a username didn't exist. A remote attacker
could possibly use this issue to enumerate usernames. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-0762)
Alvaro Munoz and Alexander Mirosh discovered that Tomcat
incorrectly limited use of a certain utility method. A
malicious application could possibly use this to bypass
Security Manager restrictions. This issue only applied to
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5018)
It was discovered that Tomcat did not protect applications
from untrusted data in the HTTP_PROXY environment variable.
A remote attacker could possibly use this issue to redirect
outbound traffic to an arbitrary proxy server. This issue
only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-5388)
It was discovered that Tomcat incorrectly controlled reading
system properties. A malicious application could possibly
use this to bypass Security Manager restrictions. This issue
only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and
Ubuntu 16.04 LTS. (CVE-2016-6794)
It was discovered that Tomcat incorrectly controlled certain
configuration parameters. A malicious application could
possibly use this to bypass Security Manager restrictions.
This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)
It was discovered that Tomcat incorrectly limited access to
global JNDI resources. A malicious application could use
this to access any global JNDI resource without an explicit
ResourceLink. This issue only applied to Ubuntu 12.04 LTS,
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)
Regis Leroy discovered that Tomcat incorrectly filtered
certain invalid characters from the HTTP request line. A
remote attacker could possibly use this issue to inject data
into HTTP responses. (CVE-2016-6816)
Pierre Ernst discovered that the Tomcat
JmxRemoteLifecycleListener did not implement a recommended
fix. A remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2016-8735)
It was discovered that Tomcat incorrectly handled error
handling in the send file code. A remote attacker could
possibly use this issue to access information from other
requests. (CVE-2016-8745)
Paul Szabo discovered that the Tomcat package incorrectly
handled upgrades and removals. A local attacker could
possibly use this issue to obtain root privileges.
(CVE-2016-9774, CVE-2016-9775).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-12-01 | | plugin id | 96978 | | published | 2017-02-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96978 | | title | Ubuntu 12.04 LTS / 14.04 LTS : tomcat6, tomcat7 regression (USN-3177-2) (httpoxy) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DLA-779.NASL | | description | A bug in the error handling of the send file code for the NIO HTTP
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor
can result in information leakage between requests including, not
limited to, session ID and the response body.
In addition this update also addresses a regression when running
Tomcat 7 with SecurityManager enabled due to an incomplete fix for
CVE-2016-6816.
For Debian 7 'Wheezy', these problems have been fixed in version
7.0.28-4+deb7u9.
We recommend that you upgrade your tomcat7 packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-07-09 | | plugin id | 96396 | | published | 2017-01-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96396 | | title | Debian DLA-779-1 : tomcat7 security update |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-3755.NASL | | description | It was discovered that incorrect error handling in the NIO HTTP
connector of the Tomcat servlet and JSP engine could result in
information disclosure. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 96345 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96345 | | title | Debian DSA-3755-1 : tomcat8 - security update |
| NASL family | Web Servers | | NASL id | TOMCAT_8_5_9.NASL | | description | According to its self-reported version number, the Apache Tomcat
service running on the remote host is 6.0.16 prior to 6.0.50, 7.0.x
prior to 7.0.75, 8.0.x prior to 8.0.41, 8.5.x prior to 8.5.9, or
9.0.x prior to 9.0.0.M15. It is therefore, affected by an information
disclosure vulnerability in error handling during send file processing
by the NIO HTTP connector, in which an error can cause the current
Processor object to be added to the Processor cache multiple times.
This allows the same Processor to be used for concurrent requests.
An unauthenticated, remote attacker can exploit this issue, via a
shared Processor, to disclose sensitive information, such as session
IDs, response bodies related to another request, etc.
Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number. | | last seen | 2019-01-16 | | modified | 2019-01-11 | | plugin id | 96003 | | published | 2016-12-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96003 | | title | Apache Tomcat 6.0.16 < 6.0.50 / 7.0.x < 7.0.75 / 8.0.x < 8.0.41 / 8.5.x < 8.5.9 / 9.0.x < 9.0.0.M15 NIO HTTP Connector Information Disclosure |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2017-0527.NASL | | description | An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 97795 | | published | 2017-03-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97795 | | title | CentOS 6 : tomcat6 (CESA-2017:0527) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2017-0527.NASL | | description | From Red Hat Security Advisory 2017:0527 :
An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-07-24 | | plugin id | 97765 | | published | 2017-03-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97765 | | title | Oracle Linux 6 : tomcat6 (ELSA-2017-0527) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1081.NASL | | description | According to the versions of the tomcat packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- It was discovered that the code that parsed the HTTP
request line permitted invalid characters. This could
be exploited, in conjunction with a proxy that also
permitted the invalid characters but with a different
interpretation, to inject data into the HTTP response.
By manipulating the HTTP response the attacker could
poison a web-cache, perform an XSS attack, or obtain
sensitive information from requests other then their
own. (CVE-2016-6816)
- A bug was discovered in the error handling of the send
file code for the NIO HTTP connector. This led to the
current Processor object being added to the Processor
cache multiple times allowing information leakage
between requests including, and not limited to, session
ID and the response body. (CVE-2016-8745)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-14 | | plugin id | 99947 | | published | 2017-05-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99947 | | title | EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-3754.NASL | | description | It was discovered that incorrect error handling in the NIO HTTP
connector of the Tomcat servlet and JSP engine could result in
information disclosure. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 96344 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96344 | | title | Debian DSA-3754-1 : tomcat7 - security update |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20170315_TOMCAT6_ON_SL6_X.NASL | | description | Security Fix(es) :
- It was discovered that the code that parsed the HTTP
request line permitted invalid characters. This could be
exploited, in conjunction with a proxy that also
permitted the invalid characters but with a different
interpretation, to inject data into the HTTP response.
By manipulating the HTTP response the attacker could
poison a web-cache, perform an XSS attack, or obtain
sensitive information from requests other then their
own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
- A bug was discovered in the error handling of the send
file code for the NIO HTTP connector. This led to the
current Processor object being added to the Processor
cache multiple times allowing information leakage
between requests including, and not limited to, session
ID and the response body. (CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-12-27 | | plugin id | 97770 | | published | 2017-03-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97770 | | title | Scientific Linux Security Update : tomcat6 on SL6.x (noarch) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2017-19C5440ABE.NASL | | description | Security fix for CVE-2016-8745
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-02-01 | | plugin id | 97481 | | published | 2017-03-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97481 | | title | Fedora 24 : 1:tomcat (2017-19c5440abe) |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_E5EC2767D52911E6AE1B002590263BF5.NASL | | description | The Apache Software Foundation reports :
Important: Information Disclosure CVE-2016-8745 | | last seen | 2018-11-13 | | modified | 2018-11-10 | | plugin id | 96372 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96372 | | title | FreeBSD : tomcat -- information disclosure vulnerability (e5ec2767-d529-11e6-ae1b-002590263bf5) |
| NASL family | Virtuozzo Local Security Checks | | NASL id | VIRTUOZZO_VZLSA-2017-0527.NASL | | description | An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745)
Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-20 | | plugin id | 101438 | | published | 2017-07-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101438 | | title | Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20170412_TOMCAT_ON_SL7_X.NASL | | description | Security Fix(es) :
- It was discovered that the code that parsed the HTTP
request line permitted invalid characters. This could be
exploited, in conjunction with a proxy that also
permitted the invalid characters but with a different
interpretation, to inject data into the HTTP response.
By manipulating the HTTP response the attacker could
poison a web-cache, perform an XSS attack, or obtain
sensitive information from requests other then their
own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
- A bug was discovered in the error handling of the send
file code for the NIO HTTP connector. This led to the
current Processor object being added to the Processor
cache multiple times allowing information leakage
between requests including, and not limited to, session
ID and the response body. (CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-12-27 | | plugin id | 99353 | | published | 2017-04-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99353 | | title | Scientific Linux Security Update : tomcat on SL7.x (noarch) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2017-376AE2B92C.NASL | | description | Security fix for CVE-2016-8745
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-02-01 | | plugin id | 97337 | | published | 2017-02-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97337 | | title | Fedora 25 : 1:tomcat (2017-376ae2b92c) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2017-0935.NASL | | description | An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 99384 | | published | 2017-04-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99384 | | title | CentOS 7 : tomcat (CESA-2017:0935) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0527.NASL | | description | An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 97767 | | published | 2017-03-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97767 | | title | RHEL 6 : tomcat6 (RHSA-2017:0527) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2017-0935.NASL | | description | From Red Hat Security Advisory 2017:0935 :
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-07-24 | | plugin id | 99334 | | published | 2017-04-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99334 | | title | Oracle Linux 7 : tomcat (ELSA-2017-0935) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0935.NASL | | description | An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 99348 | | published | 2017-04-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99348 | | title | RHEL 7 : tomcat (RHSA-2017:0935) |
| NASL family | Virtuozzo Local Security Checks | | NASL id | VIRTUOZZO_VZLSA-2017-0935.NASL | | description | An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line
permitted invalid characters. This could be exploited, in conjunction
with a proxy that also permitted the invalid characters but with a
different interpretation, to inject data into the HTTP response. By
manipulating the HTTP response the attacker could poison a web-cache,
perform an XSS attack, or obtain sensitive information from requests
other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when request contains characters that are not permitted by the
HTTP specification to appear not encoded, even though they were
previously accepted. The newly introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to
configure Tomcat to accept curly braces ({ and }) and the pipe symbol
(|) in not encoded form, as these are often used in URLs without being
properly encoded.
* A bug was discovered in the error handling of the send file code for
the NIO HTTP connector. This led to the current Processor object being
added to the Processor cache multiple times allowing information
leakage between requests including, and not limited to, session ID and
the response body. (CVE-2016-8745)
Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-20 | | plugin id | 101450 | | published | 2017-07-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101450 | | title | Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-3177-1.NASL | | description | It was discovered that the Tomcat realm implementations incorrectly
handled passwords when a username didn't exist. A remote attacker
could possibly use this issue to enumerate usernames. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-0762)
Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly
limited use of a certain utility method. A malicious application could
possibly use this to bypass Security Manager restrictions. This issue
only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-5018)
It was discovered that Tomcat did not protect applications from
untrusted data in the HTTP_PROXY environment variable. A remote
attacker could possibly use this issue to redirect outbound traffic to
an arbitrary proxy server. This issue only applied to Ubuntu 12.04
LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)
It was discovered that Tomcat incorrectly controlled reading system
properties. A malicious application could possibly use this to bypass
Security Manager restrictions. This issue only applied to Ubuntu 12.04
LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)
It was discovered that Tomcat incorrectly controlled certain
configuration parameters. A malicious application could possibly use
this to bypass Security Manager restrictions. This issue only applied
to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-6796)
It was discovered that Tomcat incorrectly limited access to global
JNDI resources. A malicious application could use this to access any
global JNDI resource without an explicit ResourceLink. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-6797)
Regis Leroy discovered that Tomcat incorrectly filtered certain
invalid characters from the HTTP request line. A remote attacker could
possibly use this issue to inject data into HTTP responses.
(CVE-2016-6816)
Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did
not implement a recommended fix. A remote attacker could possibly use
this issue to execute arbitrary code. (CVE-2016-8735)
It was discovered that Tomcat incorrectly handled error handling in
the send file code. A remote attacker could possibly use this issue to
access information from other requests. (CVE-2016-8745)
Paul Szabo discovered that the Tomcat package incorrectly handled
upgrades and removals. A local attacker could possibly use this issue
to obtain root privileges. (CVE-2016-9774, CVE-2016-9775).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-12-01 | | plugin id | 96720 | | published | 2017-01-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96720 | | title | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tomcat6, tomcat7, tomcat8 vulnerabilities (USN-3177-1) (httpoxy) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1082.NASL | | description | According to the versions of the tomcat packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- It was discovered that the code that parsed the HTTP
request line permitted invalid characters. This could
be exploited, in conjunction with a proxy that also
permitted the invalid characters but with a different
interpretation, to inject data into the HTTP response.
By manipulating the HTTP response the attacker could
poison a web-cache, perform an XSS attack, or obtain
sensitive information from requests other then their
own. (CVE-2016-6816)
- A bug was discovered in the error handling of the send
file code for the NIO HTTP connector. This led to the
current Processor object being added to the Processor
cache multiple times allowing information leakage
between requests including, and not limited to, session
ID and the response body. (CVE-2016-8745)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-14 | | plugin id | 99948 | | published | 2017-05-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99948 | | title | EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2017-796.NASL | | description | A bug in the error handling of the send file code for the NIO HTTP
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor
can result in information leakage between requests including, not not
limited to, session ID and the response body. | | last seen | 2019-01-16 | | modified | 2018-04-18 | | plugin id | 97146 | | published | 2017-02-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97146 | | title | Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-796) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2017-810.NASL | | description | It was discovered that the code that parsed the HTTP request line
permitted
invalid characters. This could be exploited, in conjunction with a
proxy that
also permitted the invalid characters but with a different
interpretation, to
inject data into the HTTP response. By manipulating the HTTP response
the
attacker could poison a web-cache, perform an XSS attack, or obtain
sensitive
information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request
error when
request contains characters that are not permitted by the HTTP
specification to
appear not encoded, even though they were previously accepted. The
newly
introduced system property
tomcat.util.http.parser.HttpParser.requestTargetAllow
can be used to configure Tomcat to accept curly braces ({ and }) and
the pipe
symbol (|) in not encoded form, as these are often used in URLs
without being
properly encoded.
- A bug was discovered in the error handling of the send
file code for the NIO
HTTP connector. This led to the current Processor object being added
to the
Processor cache multiple times allowing information leakage between
requests
including, and not limited to, session ID and the response body.
(CVE-2016-8745) | | last seen | 2019-01-16 | | modified | 2018-04-18 | | plugin id | 99037 | | published | 2017-03-30 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99037 | | title | Amazon Linux AMI : tomcat6 (ALAS-2017-810) |
|
