Advisory - Multiple Vulnerabilities in Apache Tomcat


    Multiple Vulnerabilities in Apache Tomcat


    Severity Rating: Medium

    System Affected:
    • Apache Tomcat versions prior to 6.0.39
    • Apache Tomcat versions prior to 7.0.52
    • Apache Tomcat versions prior to 8.0.3

    Overview

    Multiple vulnerabilities have been reported in Apache Tomcat which could be exploited by an attacker to disclose sensitive information, conduct spoofing and session fixation attacks, and manipulate data.

    Description

    1. Frame Injection Vulnerability

    This vulnerability exists due to a frame injection vulnerability in the Oracle Javadoc utility. (Tomcat 6 is built with Java 5, which generates this Javadoc.) Successful exploitation of this vulnerability allows injecting malicious content into a frame within a Javadoc-generated HTML page, leading to phishing, spoofing, or other social engineering attacks against web browser users.



    2. Information Disclosure Vulnerability

    This vulnerability exists due to improper handling of unreliable HTTP request headers when an HTTP connector or AJP connector is used, which may allow a remote attacker to cause a request's length to be identified incorrectly and conduct smuggling attacks via multiple Content-Length headers or a Content-Length header. Successful exploitation of this vulnerability could lead to manipulation of the web cache, cross-site scripting attacks, or bypass of certain security restrictions.



    3. XML External Entity Information Disclosure Vulnerability

    This vulnerability exists due to improper handling of application controlled XML files. Successful exploitation of this vulnerability could allow an attacker to obtain internal application information via a specially crafted XML file while running untrusted web applications.



    4. Session Fixation Vulnerability

    This vulnerability exists due to an error in which the disableURLRewriting setting is not considered while handling a session ID in a URL. A remote attacker could exploit this vulnerability by enticing a user to visit a specially crafted link and log into the application. Successful exploitation of this vulnerability could allow a remote attacker to conduct session fixation attacks via a crafted URL.



    5. Denial of Service Vulnerability

    This vulnerability exists in the processing of chunked transfer coding, due to improper handling of chunked data or whitespace characters in an HTTP header value. Successful exploitation of this vulnerability could allow an attacker to cause a Denial of Service condition by streaming data.
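
A defensive check for the ambiguous request framing described in item 2, as an added example that is not part of the original advisory or of Tomcat's code: it flags requests that carry more than one Content-Length value so a front-end filter or log review can reject or report them. The function name and the sample requests are constructed for illustration, and the extra check for Content-Length combined with chunked Transfer-Encoding is a general HTTP framing rule (RFC 7230, section 3.3.3) that goes beyond what this advisory states.

```python
# Added example: flag ambiguous HTTP request framing before it reaches a backend.
# framing_issues() is a hypothetical helper; the sample requests are constructed.

def framing_issues(raw_head: bytes) -> list:
    """Return the reasons a request's body length is ambiguous ([] means OK)."""
    head = raw_head.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    content_lengths, has_chunked, issues = [], False, []
    for line in head.split("\r\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t"):
            issues.append("obsolete folded header line")
            continue
        name, sep, value = line.partition(":")
        # Whitespace between the field name and the colon is not allowed.
        if not sep or not name or name != name.strip():
            issues.append("malformed header line: %r" % line)
            continue
        name, value = name.lower(), value.strip(" \t")
        if name == "content-length":
            # A single header may also carry a comma-separated list of values.
            content_lengths += [v.strip(" \t") for v in value.split(",")]
        elif name == "transfer-encoding" and "chunked" in value.lower():
            has_chunked = True
    if any(not (v.isascii() and v.isdigit()) for v in content_lengths):
        issues.append("non-numeric Content-Length")
    # Stricter than required: identical repeated values are flagged as well.
    if len(content_lengths) > 1:
        issues.append("multiple Content-Length values")
    if content_lengths and has_chunked:
        issues.append("Content-Length together with chunked Transfer-Encoding")
    return issues


# Constructed sample requests (not captured traffic).
OK = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
      b"Content-Length: 5\r\n\r\nhello")
DUPLICATE = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\nContent-Length: 11\r\n\r\nhello")
MIXED = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\nhello")

if __name__ == "__main__":
    for label, req in (("ok", OK), ("duplicate", DUPLICATE), ("mixed", MIXED)):
        print(label, framing_issues(req))
```
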


    Solution
    Update to the appropriate latest version:

    http://tomcat.apache.org/download-60.cgi
    http://tomcat.apache.org/download-70.cgi
    http://tomcat.apache.org/download-80.cgi

    Vendor Information
    Apache Tomcat
    http://tomcat.apache.org/security-6.html
    http://tomcat.apache.org/security-7.html
    http://tomcat.apache.org/security-8.html

    References
    Secunia
    http://secunia.com/advisories/56742/
    Security Focus
    http://www.securityfocus.com/bid/65773/
    http://www.securityfocus.com/bid/65768/
    http://www.securityfocus.com/bid/60634/
    http://www.securityfocus.com/bid/65769/

    Securelist
    http://www.securelist.com/en/advisories/56742