| nessus
via4
|
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2017-376AE2B92C.NASL | | description | Security fix for CVE-2016-8745
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-02-01 | | plugin id | 97337 | | published | 2017-02-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97337 | | title | Fedora 25 : 1:tomcat (2017-376ae2b92c) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2017-19C5440ABE.NASL | | description | Security fix for CVE-2016-8745
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-02-01 | | plugin id | 97481 | | published | 2017-03-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97481 | | title | Fedora 24 : 1:tomcat (2017-19c5440abe) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2017-796.NASL | | description | A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. | | last seen | 2019-02-21 | | modified | 2018-04-18 | | plugin id | 97146 | | published | 2017-02-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97146 | | title | Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-796) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0456.NASL | | description | An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es) :
* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.
(CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
(CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s) :
* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-268) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 97596 | | published | 2017-03-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97596 | | title | RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0455.NASL | | description | An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es) :
* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.
(CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
(CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s) :
This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 97595 | | published | 2017-03-08 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97595 | | title | RHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-3177-1.NASL | | description | It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-0762)
Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018)
It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)
It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)
It was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-6796)
It was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-6797)
Regis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses.
(CVE-2016-6816)
Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735)
It was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. (CVE-2016-8745)
Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 96720 | | published | 2017-01-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96720 | | title | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tomcat6, tomcat7, tomcat8 vulnerabilities (USN-3177-1) (httpoxy) |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_E5EC2767D52911E6AE1B002590263BF5.NASL | | description | The Apache Software Foundation reports :
Important: Information Disclosure CVE-2016-8745 | | last seen | 2018-11-13 | | modified | 2018-11-10 | | plugin id | 96372 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96372 | | title | FreeBSD : tomcat -- information disclosure vulnerability (e5ec2767-d529-11e6-ae1b-002590263bf5) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-3754.NASL | | description | It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 96344 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96344 | | title | Debian DSA-3754-1 : tomcat7 - security update |
| NASL family | Virtuozzo Local Security Checks | | NASL id | VIRTUOZZO_VZLSA-2017-0527.NASL | | description | An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-20 | | plugin id | 101438 | | published | 2017-07-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101438 | | title | Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2017-0935.NASL | | description | From Red Hat Security Advisory 2017:0935 :
An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 99334 | | published | 2017-04-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99334 | | title | Oracle Linux 7 : tomcat (ELSA-2017-0935) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-3177-2.NASL | | description | USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem.
We apologize for the inconvenience.
It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-0762)
Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5018)
It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable.
A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)
It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)
It was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions.
This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)
It was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)
Regis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses. (CVE-2016-6816)
Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735)
It was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. (CVE-2016-8745)
Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges.
(CVE-2016-9774, CVE-2016-9775).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 96978 | | published | 2017-02-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96978 | | title | Ubuntu 12.04 LTS / 14.04 LTS : tomcat6, tomcat7 regression (USN-3177-2) (httpoxy) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20170412_TOMCAT_ON_SL7_X.NASL | | description | Security Fix(es) :
- It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
- A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-12-27 | | plugin id | 99353 | | published | 2017-04-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99353 | | title | Scientific Linux Security Update : tomcat on SL7.x (noarch) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1082.NASL | | description | According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
- A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-14 | | plugin id | 99948 | | published | 2017-05-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99948 | | title | EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2017-810.NASL | | description | It was discovered that the code that parsed the HTTP request line permitted
invalid characters. This could be exploited, in conjunction with a proxy that
also permitted the invalid characters but with a different interpretation, to
inject data into the HTTP response. By manipulating the HTTP response the
attacker could poison a web-cache, perform an XSS attack, or obtain sensitive
information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when
request contains characters that are not permitted by the HTTP specification to
appear not encoded, even though they were previously accepted. The newly
introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow
can be used to configure Tomcat to accept curly braces ({ and }) and the pipe
symbol (|) in not encoded form, as these are often used in URLs without being
properly encoded.
- A bug was discovered in the error handling of the send file code for the NIO
HTTP connector. This led to the current Processor object being added to the
Processor cache multiple times allowing information leakage between requests
including, and not limited to, session ID and the response body.
(CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-04-18 | | plugin id | 99037 | | published | 2017-03-30 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99037 | | title | Amazon Linux AMI : tomcat6 (ALAS-2017-810) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201705-09.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201705-09 (Apache Tomcat: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker may be able to cause a Denial of Service condition, obtain sensitive information, bypass protection mechanisms and authentication restrictions.
A local attacker, who is a tomcat’s system user or belongs to tomcat’s group, could potentially escalate privileges.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-01-26 | | plugin id | 100262 | | published | 2017-05-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=100262 | | title | GLSA-201705-09 : Apache Tomcat: Multiple vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-586.NASL | | description | This update for tomcat fixes the following issues :
- CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448)
- CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447)
- CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119)
This update was imported from the SUSE:SLE-12-SP1:Update and SUSE:SLE-12-SP2:Update update projects. | | last seen | 2019-02-21 | | modified | 2018-01-26 | | plugin id | 100204 | | published | 2017-05-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=100204 | | title | openSUSE Security Update : tomcat (openSUSE-2017-586) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0935.NASL | | description | An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 99348 | | published | 2017-04-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99348 | | title | RHEL 7 : tomcat (RHSA-2017:0935) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2017-0935.NASL | | description | An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 99384 | | published | 2017-04-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99384 | | title | CentOS 7 : tomcat (CESA-2017:0935) |
| NASL family | Virtuozzo Local Security Checks | | NASL id | VIRTUOZZO_VZLSA-2017-0935.NASL | | description | An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-20 | | plugin id | 101450 | | published | 2017-07-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101450 | | title | Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0527.NASL | | description | An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 97767 | | published | 2017-03-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97767 | | title | RHEL 6 : tomcat6 (RHSA-2017:0527) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2017-0527.NASL | | description | From Red Hat Security Advisory 2017:0527 :
An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-07-24 | | plugin id | 97765 | | published | 2017-03-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97765 | | title | Oracle Linux 6 : tomcat6 (ELSA-2017-0527) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2017-0527.NASL | | description | An update for tomcat6 is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es) :
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 97795 | | published | 2017-03-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97795 | | title | CentOS 6 : tomcat6 (CESA-2017:0527) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-3755.NASL | | description | It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 96345 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96345 | | title | Debian DSA-3755-1 : tomcat8 - security update |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20170315_TOMCAT6_ON_SL6_X.NASL | | description | Security Fix(es) :
- It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.
- A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745) | | last seen | 2019-02-21 | | modified | 2018-12-27 | | plugin id | 97770 | | published | 2017-03-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97770 | | title | Scientific Linux Security Update : tomcat6 on SL6.x (noarch) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DLA-779.NASL | | description | A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not limited to, session ID and the response body.
In addition this update also addresses a regression when running Tomcat 7 with SecurityManager enabled due to an incomplete fix for CVE-2016-6816.
For Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u9.
We recommend that you upgrade your tomcat7 packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-07-09 | | plugin id | 96396 | | published | 2017-01-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96396 | | title | Debian DLA-779-1 : tomcat7 security update |
| NASL family | Web Servers | | NASL id | TOMCAT_8_5_9.NASL | | description | According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.16 prior to 6.0.50, 7.0.x prior to 7.0.75, 8.0.x prior to 8.0.41, 8.5.x prior to 8.5.9, or 9.0.x prior to 9.0.0.M15. It is therefore, affected by an information disclosure vulnerability in error handling during send file processing by the NIO HTTP connector, in which an error can cause the current Processor object to be added to the Processor cache multiple times. This allows the same Processor to be used for concurrent requests. An unauthenticated, remote attacker can exploit this issue, via a shared Processor, to disclose sensitive information, such as session IDs, response bodies related to another request, etc.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number. | | last seen | 2019-02-21 | | modified | 2019-01-11 | | plugin id | 96003 | | published | 2016-12-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96003 | | title | Apache Tomcat 6.0.16 < 6.0.50 / 7.0.x < 7.0.75 / 8.0.x < 8.0.41 / 8.5.x < 8.5.9 / 9.0.x < 9.0.0.M15 NIO HTTP Connector Information Disclosure |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1081.NASL | | description | According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.
By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
- A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-14 | | plugin id | 99947 | | published | 2017-05-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99947 | | title | EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081) |
|
