github - ghsa-xcpr-7mr4-h4xq

ghsa-xcpr-7mr4-h4xq

Vulnerability from github

Published

2024-11-18 12:30

Modified

2024-11-18 23:48

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Apache Tomcat - Authentication Bypass

Details

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.

Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.0.96"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.1.0-M1"
            },
            {
              "fixed": "10.1.30"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.0.0-M26"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat-catalina"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0-M1"
            },
            {
              "fixed": "11.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-391"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-18T23:48:03Z",
    "nvd_published_at": "2024-11-18T12:15:18Z",
    "severity": "CRITICAL"
  },
  "details": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)\u00a0ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta\u00a0Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",
  "id": "GHSA-xcpr-7mr4-h4xq",
  "modified": "2024-11-18T23:48:03Z",
  "published": "2024-11-18T12:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52316"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/6d097a66746635df6880fe7662a792156b0eca14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/7532f9dc4a8c37ec958f79dc82c4924a6c539223"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/acc2f01395f895980f5d8a64573fcc1bade13369"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Tomcat - Authentication Bypass"
}

cve-2024-52316

Vulnerability from cvelistv5

Published

2024-11-18 11:32

Modified

2024-11-19 13:58

Severity ?

Summary

Apache Tomcat: Authentication bypass when using Jakarta Authentication API

References

▼	URL	Tags
	https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Apache Software Foundation

Apache Tomcat

Version: 11.0.0-M1   ≤ 11.0.0-M26
Version: 10.1.0-M1   ≤ 10.1.30
Version: 9.0.0-M1   ≤ 9.0.95

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tomcat",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "9.0.95",
                "status": "affected",
                "version": "9.0.0-M1",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "10.1.30",
                "status": "affected",
                "version": "10.1.0-M1",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.0.0-M26",
                "status": "affected",
                "version": "11.0.0-M1",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-52316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T14:50:59.890424Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T13:58:44.964Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-18T18:03:23.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/18/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.0-M26",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.30",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.95",
              "status": "affected",
              "version": "9.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUnchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)\u0026nbsp;ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta\u0026nbsp;Authentication components that behave in this way.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)\u00a0ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta\u00a0Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-391",
              "description": "CWE-391 Unchecked Error Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T11:32:22.072Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Apache Tomcat: Authentication bypass when using Jakarta Authentication API",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-52316",
    "datePublished": "2024-11-18T11:32:22.072Z",
    "dateReserved": "2024-11-07T07:41:56.639Z",
    "dateUpdated": "2024-11-19T13:58:44.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted