Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2011:156 | First vendor Publication | 2011-10-18 |
Vendor | Mandriva | Last vendor Modification | 2011-10-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x: The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses (CVE-2011-1184). Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file (CVE-2011-2204). Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application (CVE-2011-2526). Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request (CVE-2011-3190). The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:156 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-200 | Information Exposure |
25 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14573 | |||
Oval ID: | oval:org.mitre.oval:def:14573 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2526 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14931 | |||
Oval ID: | oval:org.mitre.oval:def:14931 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2204 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14933 | |||
Oval ID: | oval:org.mitre.oval:def:14933 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Authentication Bypass, Cross-Site Scripting (XSS), Unauthorized Access, Denial of Service (DoS) | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15435 | |||
Oval ID: | oval:org.mitre.oval:def:15435 | ||
Title: | USN-1252-1 -- Tomcat vulnerabilities | ||
Description: | tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information over the network. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1252-1 CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Tomcat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19169 | |||
Oval ID: | oval:org.mitre.oval:def:19169 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1184 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19465 | |||
Oval ID: | oval:org.mitre.oval:def:19465 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19514 | |||
Oval ID: | oval:org.mitre.oval:def:19514 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2526 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19532 | |||
Oval ID: | oval:org.mitre.oval:def:19532 | ||
Title: | HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities | ||
Description: | Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-2204 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20657 | |||
Oval ID: | oval:org.mitre.oval:def:20657 | ||
Title: | VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues | ||
Description: | Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-3190 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-14 | Name : Fedora Update for tomcat6 FEDORA-2012-7593 File : nvt/gb_fedora_2012_7593_tomcat6_fc16.nasl |
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl |
2012-08-02 | Name : SuSE Update for tomcat6 openSUSE-SU-2012:0208-1 (tomcat6) File : nvt/gb_suse_2012_0208_1.nasl |
2012-07-30 | Name : CentOS Update for tomcat6 CESA-2011:1780 centos6 File : nvt/gb_CESA-2011_1780_tomcat6_centos6.nasl |
2012-07-30 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for tomcat6 RHSA-2011:1780-01 File : nvt/gb_RHSA-2011_1780-01_tomcat6.nasl |
2012-04-02 | Name : Fedora Update for tomcat6 FEDORA-2011-13426 File : nvt/gb_fedora_2011_13426_tomcat6_fc16.nasl |
2012-03-16 | Name : VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, ... File : nvt/gb_VMSA-2012-0005.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2401-1 (tomcat6) File : nvt/deb_2401_1.nasl |
2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
2012-01-16 | Name : Apache Tomcat Multiple Security Bypass Vulnerabilities (Win) File : nvt/gb_apache_tomcat_mult_security_bypass_vuln_win.nasl |
2011-12-23 | Name : CentOS Update for tomcat5 CESA-2011:1845 centos5 i386 File : nvt/gb_CESA-2011_1845_tomcat5_centos5_i386.nasl |
2011-12-23 | Name : RedHat Update for tomcat5 RHSA-2011:1845-01 File : nvt/gb_RHSA-2011_1845-01_tomcat5.nasl |
2011-11-11 | Name : Fedora Update for tomcat6 FEDORA-2011-15005 File : nvt/gb_fedora_2011_15005_tomcat6_fc15.nasl |
2011-11-11 | Name : Ubuntu Update for tomcat6 USN-1252-1 File : nvt/gb_ubuntu_USN_1252_1.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13456 File : nvt/gb_fedora_2011_13456_tomcat6_fc15.nasl |
2011-10-21 | Name : Fedora Update for tomcat6 FEDORA-2011-13457 File : nvt/gb_fedora_2011_13457_tomcat6_fc14.nasl |
2011-10-21 | Name : Mandriva Update for tomcat5 MDVSA-2011:156 (tomcat5) File : nvt/gb_mandriva_MDVSA_2011_156.nasl |
2011-09-09 | Name : Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability File : nvt/gb_tomcat_48667.nasl |
2011-09-08 | Name : Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability File : nvt/gb_tomcat_48456.nasl |
2011-09-08 | Name : Apache Tomcat AJP Protocol Security Bypass Vulnerability File : nvt/gb_tomcat_49353.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76189 | Apache Tomcat HTTP DIGEST Authentication Weakness |
74818 | Apache Tomcat AJP Message Injection Authentication Bypass Apache Tomcat contains a flaw related to the processing of certain requests. The issue is triggered when a remote attacker injects arbitrary AJP messages. This may disclose sensitive information to an attacker or allow them to bypass authentication. |
73798 | Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS |
73797 | Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Res... |
73429 | Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140401.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0682.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0680.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110815.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_tomcat6-110916.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-120207.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-110815.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_tomcat6-110916.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-25.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2013-06-05 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2012-0005.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0074.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-7593.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111205_tomcat6_on_SL6.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111220_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO |
2012-03-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO |
2012-02-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_tomcat6-120206.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2401.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1845.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7689.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7756.nasl - Type : ACT_GATHER_INFO |
2011-12-12 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_35.nasl - Type : ACT_GATHER_INFO |
2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1780.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15005.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1252-1.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7755.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13457.nasl - Type : ACT_GATHER_INFO |
2011-10-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13456.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-156.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-13426.nasl - Type : ACT_GATHER_INFO |
2011-09-26 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_5_5_34.nasl - Type : ACT_GATHER_INFO |
2011-09-02 | Name : The remote web server is affected by an authentication bypass vulnerability t... File : tomcat_7_0_21.nasl - Type : ACT_GATHER_INFO |
2011-09-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-7688.nasl - Type : ACT_GATHER_INFO |
2011-08-30 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_6_0_33.nasl - Type : ACT_GATHER_INFO |
2011-08-03 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_7_0_19.nasl - Type : ACT_GATHER_INFO |
2011-04-07 | Name : The remote web server is affected by multiple vulnerabilities. File : tomcat_7_0_12.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:42:30 |
|