Executive Summary
Summary | |
---|---|
Title | tomcat security update |
Information | |||
---|---|---|---|
Name | RHSA-2007:0326 | First vendor Publication | 2007-05-21 |
Vendor | RedHat | Last vendor Modification | 2007-05-21 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated tomcat packages that fix multiple security issues are now available for Red Hat Application Server v2.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Server v2 4AS - noarch
Red Hat Application Server v2 4ES - noarch
Red Hat Application Server v2 4WS - noarch

3. Problem description:

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090)

Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450)

Several applications distributed in the JSP examples displayed unfiltered values. If the JSP examples are accessible, these flaws could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195, CVE-2006-7196)

The default Tomcat configuration permitted the use of insecure SSL cipher suites including the anonymous cipher suite. (CVE-2007-1858)

Directory listings were enabled by default in Tomcat. Information stored unprotected under the document root was visible to anyone if the administrator did not disable directory listings. (CVE-2006-3835)

Users should upgrade to these erratum packages which contain Tomcat version 5.5.23 that resolves these issues. Updated jakarta-commons-modeler packages are also included which correct a bug when used with Tomcat 5.5.23.

4. Solution:

Note: /etc/tomcat5/web.xml has been updated to disable directory listing by default. If you have previously modified /etc/tomcat5/web.xml, this change will not be made automatically and you should manually update the value for the "listings" parameter to "false".

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

237086 - CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
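The two checks below are an added example written for this page; they are not code from Red Hat or the Tomcat project. The first audits a Tomcat web.xml for the manual step the Solution section describes (the default servlet's "listings" init-param must be "false"; an absent parameter is treated as false, which is assumed here to be DefaultServlet's own default). The second lists the framing ambiguities behind CVE-2005-2090 (several Content-Length headers, or Content-Length together with Transfer-Encoding) so that a front-end proxy or a log review can flag such requests instead of forwarding them. The web.xml fragment and the raw requests are constructed sample inputs.

```python
"""Audit helpers for the fixes in RHSA-2007:0326 (added example, not vendor code)."""
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip a namespace prefix: '{http://java.sun.com/xml/ns/j2ee}servlet' -> 'servlet'."""
    return tag.rsplit('}', 1)[-1]


def directory_listings_enabled(web_xml_text):
    """Return True when the servlet named 'default' has listings set to anything but 'false'.

    Assumption: a missing 'listings' init-param behaves as 'false' (DefaultServlet's default).
    """
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != 'servlet':
            continue
        name, params = '', {}
        for child in servlet:
            if _local(child.tag) == 'servlet-name':
                name = (child.text or '').strip()
            elif _local(child.tag) == 'init-param':
                pname = pvalue = ''
                for leaf in child:
                    if _local(leaf.tag) == 'param-name':
                        pname = (leaf.text or '').strip()
                    elif _local(leaf.tag) == 'param-value':
                        pvalue = (leaf.text or '').strip()
                params[pname] = pvalue
        if name == 'default':
            return params.get('listings', 'false').lower() != 'false'
    return False  # no default servlet declared at all


def framing_findings(raw_request):
    """Inspect the header block of a raw HTTP/1.x request and return the
    body-framing ambiguities that a proxy should reject rather than forward."""
    head = raw_request.split('\r\n\r\n', 1)[0]
    content_lengths, transfer_encoding = [], False
    for line in head.split('\r\n')[1:]:      # skip the request line
        if ':' not in line:
            continue
        name, value = line.split(':', 1)
        name = name.strip().lower()
        if name == 'content-length':
            content_lengths.append(value.strip())
        elif name == 'transfer-encoding':
            transfer_encoding = True
    findings = []
    if len(content_lengths) > 1:
        findings.append('multiple Content-Length headers')
        if len(set(content_lengths)) > 1:
            findings.append('conflicting Content-Length values')
    if content_lengths and transfer_encoding:
        findings.append('Transfer-Encoding and Content-Length both present')
    return findings


# Constructed sample web.xml: the pre-update shape, with listings left at "true".
SAMPLE_WEB_XML_BEFORE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>debug</param-name>
      <param-value>0</param-value>
    </init-param>
    <init-param>
      <param-name>listings</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
</web-app>
"""
# The same file after the manual edit the advisory asks for.
SAMPLE_WEB_XML_AFTER = SAMPLE_WEB_XML_BEFORE.replace(
    '<param-value>true</param-value>', '<param-value>false</param-value>')

# Constructed raw requests: one ambiguous (two differing Content-Length headers), one clean.
AMBIGUOUS_REQUEST = ('POST /app HTTP/1.1\r\nHost: example.invalid\r\n'
                     'Content-Length: 4\r\nContent-Length: 8\r\n\r\nabcd')
CLEAN_REQUEST = ('POST /app HTTP/1.1\r\nHost: example.invalid\r\n'
                 'Content-Length: 4\r\n\r\nabcd')

if __name__ == '__main__':
    print('listings before edit:', directory_listings_enabled(SAMPLE_WEB_XML_BEFORE))
    print('listings after edit: ', directory_listings_enabled(SAMPLE_WEB_XML_AFTER))
    print('ambiguous request:   ', framing_findings(AMBIGUOUS_REQUEST))
    print('clean request:       ', framing_findings(CLEAN_REQUEST))
```

Run `directory_listings_enabled` over the real /etc/tomcat5/web.xml after applying the erratum to confirm the setting survived a locally modified file; the header check is meant for the proxy or WAF tier in front of Tomcat, where rejecting the request outright is the safe outcome.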
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0326.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-33 | HTTP Request Smuggling |
CAPEC-105 | HTTP Request Splitting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
50 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10499 | |||
Oval ID: | oval:org.mitre.oval:def:10499 | ||
Title: | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Description: | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2090 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:10643 | |||
Oval ID: | oval:org.mitre.oval:def:10643 | ||
Title: | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | ||
Description: | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-0450 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-11-07 | ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat5.nasl |
2009-10-13 | Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat53.nasl |
2009-10-10 | Name : SLES9: Security update for jakarta-tomcat File : nvt/sles9p5012618.nasl |
2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5021793.nasl |
2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5023110.nasl |
2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5042180.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02262 File : nvt/gb_hp_ux_HPSBUX02262.nasl |
2009-04-09 | Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5) File : nvt/gb_mandriva_MDKSA_2007_241.nasl |
2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-03 (tomcat) File : nvt/glsa_200705_03.nasl |
2008-09-04 | Name : FreeBSD Ports: apache-tomcat File : nvt/freebsd_apache-tomcat0.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43452 | Apache Tomcat HTTP Request Smuggling |
34888 | Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS |
34887 | Apache Tomcat implicit-objects.jsp Crafted Header XSS |
34882 | Apache Tomcat Default SSL Ciphersuite Configuration Weakness |
34769 | Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access Apache Tomcat when configured to use the Proxy module contains a flaw that may allow a remote attacker to gain access to privileged information. The issue is due to the server not properly sanitizing user requested URIs containing crafted sequences with combinations of the "/" (slash), "\" (backslash) and a URL-encoded backslash (%5C) characters. This may allow an attacker to use a URI with a crafted traversal sequence and access arbitrary files. |
32723 | Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing Apache Tomcat contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a crafted file request containing a semicolon (;) before the file name, which will result in the server displaying the contents of the directory. This may disclose sensitive files, unpublished content or back up files. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-01-16 | IAVM : 2014-A-0009 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0043395 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17502 - Revision : 8 - Type : SERVER-APACHE |
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17501 - Revision : 8 - Type : SERVER-APACHE |
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17500 - Revision : 7 - Type : SERVER-APACHE |
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17499 - Revision : 7 - Type : SERVER-APACHE |
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17498 - Revision : 8 - Type : SERVER-APACHE |
2014-01-10 | Multiple products UNIX platform backslash directory traversal attempt RuleID : 17391 - Revision : 16 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0344.nasl - Type : ACT_GATHER_INFO |
2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0343.nasl - Type : ACT_GATHER_INFO |
2014-02-25 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_39.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070717_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_36.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote web server is affected by an HTTP request smuggling vulnerability. File : tomcat_5_5_23.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_13.nasl - Type : ACT_GATHER_INFO |
2010-07-09 | Name : The remote Apache Tomcat server is affected by a cross-site scripting vulnera... File : tomcat_implicit_obj_xss.nasl - Type : ACT_ATTACK |
2010-06-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_32.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1069.nasl - Type : ACT_GATHER_INFO |
2010-01-04 | Name : The remote web server is affected by a directory traversal vulnerability. File : tomcat_proxy_directory_traversal.nasl - Type : ACT_ATTACK |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12078.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12116.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12343.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-5955.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-241.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat55-5069.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote service supports the use of anonymous SSL ciphers. File : ssl_anon_ciphers.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat5-5071.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-5070.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-5066.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-4992.nasl - Type : ACT_GATHER_INFO |
2008-02-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-4990.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_geronimo-4864.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-3951.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat5-3950.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Apache Tomcat web server contains a JSP application that is affect... File : tomcat_sample_cal2_xss.nasl - Type : ACT_ATTACK |
2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
2007-07-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_872623af39ec11dcb8cc000fea449b8a.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
2007-05-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
2007-05-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-03.nasl - Type : ACT_GATHER_INFO |