Executive Summary

Summary | 
---|---
Title | jbossas security update

Information | | | 
---|---|---|---
Name | RHSA-2007:0360 | First vendor publication | 2007-05-24
Vendor | Red Hat | Last vendor modification | 2007-05-24
Severity (vendor) | Important | Revision | 01
Security-Database Scoring CVSS v3

CVSS vector | N/A
---|---
Overall CVSS Score | NA
Base Score | NA
Environmental Score | NA
Impact Sub Score | NA
Temporal Score | NA
Exploitability Sub Score | NA

Security-Database Scoring CVSS v2

CVSS vector | (AV:N/AC:L/Au:N/C:P/I:N/A:N)
---|---
CVSS Base Score | 5.0
CVSS Impact Score | 2.9
CVSS Exploit Score | 10.0
Attack Range | Network
Attack Complexity | Low
Authentication | None Required
Detail
Problem Description:

Updated jbossas packages that fix multiple security issues in Tomcat are now available for Red Hat Application Stack.

This update has been rated as having Important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - noarch
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - noarch

3. Problem description:

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

This update addresses the following issues:

Tomcat was found to accept multiple Content-Length headers in a request. This could allow attackers to poison a web cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090)

Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450)

Users should upgrade to these erratum packages, which contain an update to jbossas to include a version of Tomcat that resolves these issues. Updated jakarta-commons-modeler packages are also included which correct a bug when used with Tomcat 5.5.23.

4. Solution:

Note: /etc/tomcat5/web.xml has been updated to disable directory listing by default. If you have previously modified /etc/tomcat5/web.xml, this change will not be made automatically and you should manually update the value for the "listings" parameter to "false".

Note: In response to CVE-2007-0450, JBoss AS now treats encoded slashes and backslashes in URLs as invalid, and requests that contain them receive an HTTP 400 error.

It is possible to allow encoded slashes and backslashes by following the steps outlined below; however, doing so will expose you to CVE-2007-0450 related attacks:

a) If you use the /var/lib/jbossas/bin/run.sh setup, edit /etc/jbossas/run.conf and append

-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true

to the string assigned to JAVA_OPTS.

b) If you use the init script setup to run multiple JBoss AS services and you wish to allow encoding by default on all services, edit /etc/jbossas/jbossas.conf and add the line

JAVA_OPTS="${JAVA_OPTS} -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true"

c) If you use the init script setup to run multiple JBoss AS services and want to allow encoding of slashes and backslashes for a particular service only, edit /etc/sysconfig/${NAME} (where NAME is the name of your service) and add the line

JAVA_OPTS="${JAVA_OPTS} -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true"

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

238574 - CVE-2005-2090 multiple tomcat issues (CVE-2007-0450)
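The CVE-2005-2090 issue above is a request-smuggling condition: when a message carries two Content-Length headers (or Content-Length alongside Transfer-Encoding), two parsers that pick different values disagree about where the first request ends, so a second request hidden in the "body" reaches the back-end without passing the front-end's inspection. The following Python model is an added example written for this page; it is not code from the advisory, from Tomcat, or from Red Hat. The request bytes, the "first wins" / "last wins" policies and the hypothetical /app/login and /admin/users paths are constructed for the demonstration; the strict framer implements the RFC 7230 section 3.3.3 rule of rejecting ambiguous framing.

```python
# Added example (not part of the Red Hat advisory or of Tomcat): a minimal
# request framer that shows why accepting two Content-Length headers, or
# Content-Length together with Transfer-Encoding, enables request smuggling.
# All request bytes below are constructed for this demonstration.


class AmbiguousFraming(ValueError):
    """Raised by the strict framer when the body length is not unambiguous."""


def parse_message(raw: bytes):
    """Split one HTTP/1.1 message into (request_line, [(name, value), ...], rest).

    Duplicate headers are kept in order so that the caller decides their meaning.
    """
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower().decode("latin-1"),
                        value.strip().decode("latin-1")))
    return request_line, headers, rest


def lenient_body_length(headers, policy: str) -> int:
    """Body length as a permissive parser computes it.

    policy "first": the first Content-Length wins; "last": the last one wins.
    Two hops applying different policies see different message boundaries,
    which is the CVE-2005-2090 / CAPEC-33 condition.
    """
    values = [v for n, v in headers if n == "content-length"]
    if not values:
        return 0
    return int(values[0] if policy == "first" else values[-1])


def strict_body_length(headers) -> int:
    """Body length per RFC 7230 section 3.3.3: anything ambiguous is a 400."""
    lengths = [v for n, v in headers if n == "content-length"]
    if lengths and any(n == "transfer-encoding" for n, _ in headers):
        raise AmbiguousFraming("Transfer-Encoding and Content-Length both present")
    if len(lengths) > 1:
        raise AmbiguousFraming("multiple Content-Length headers: %r" % lengths)
    if not lengths:
        return 0
    if not lengths[0].isdigit():
        raise AmbiguousFraming("non-numeric Content-Length: %r" % lengths[0])
    return int(lengths[0])


def frame_requests(stream: bytes, policy: str):
    """Cut a byte stream into (request_line, body) pairs the way a lenient parser does."""
    out = []
    buf = stream
    while buf:
        request_line, headers, rest = parse_message(buf)
        n = lenient_body_length(headers, policy)
        out.append((request_line, rest[:n]))
        buf = rest[n:]
    return out


# Constructed attacker payload: the POST "body" is itself a complete second request.
SMUGGLED = b"GET /admin/users HTTP/1.1\r\nHost: victim\r\n\r\n"
ATTACK = (
    b"POST /app/login HTTP/1.1\r\n"
    b"Host: victim\r\n"
    b"Content-Length: 0\r\n"
    + b"Content-Length: %d\r\n" % len(SMUGGLED)
    + b"\r\n"
    + SMUGGLED
)


def demo():
    """Front-end (WAF or cache) honours the last Content-Length and inspects one
    request; the back-end honours the first and executes a second, uninspected one."""
    front = frame_requests(ATTACK, "last")
    back = frame_requests(ATTACK, "first")
    try:
        strict_body_length(parse_message(ATTACK)[1])
        strict = "accepted"
    except AmbiguousFraming as err:
        strict = "400 Bad Request: %s" % err
    return front, back, strict


if __name__ == "__main__":
    front, back, strict = demo()
    print("front-end saw :", [line for line, _ in front])
    print("back-end saw  :", [line for line, _ in back])
    print("strict parser :", strict)
```

The fixed Tomcat behaves like strict_body_length: a request with conflicting framing is refused rather than forwarded, so there is no second interpretation for a downstream component to act on.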
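For CVE-2007-0450 the problem is a disagreement about what a path separator is: a front-end proxy that forwards only the /app context treats "/" as the sole separator and leaves "%5C" encoded, while Tomcat (with the two properties above enabled) decodes "%5C" to "\" and treats "\" as "/", so "..%5Cadmin" becomes a parent-directory step only after the proxy's check has passed. The Python model below is an added example for this page, not code from Tomcat, Apache httpd or the advisory; the proxy and back-end behaviour are simplified assumptions about the real products, reduced to that one difference, and the /app and /admin paths are hypothetical. The two keyword flags stand in for the ALLOW_ENCODED_SLASH and ALLOW_BACKSLASH properties named in the solution.

```python
# Added example (not part of the Red Hat advisory or of Tomcat/Apache code):
# a simplified model of the proxy context-restriction bypass (CVE-2007-0450,
# CWE-22). The proxy and back-end rules below are assumptions that keep only
# the separator handling difference the advisory describes.
from urllib.parse import unquote


def normalize(path: str):
    """Collapse '.' and '..' segments of a '/'-separated path; None if it climbs above '/'."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not out:
                return None
            out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)


def proxy_forwards(path: str, context: str = "/app/") -> bool:
    """Front-end rule 'only forward the /app context' (assumed proxy behaviour).

    The proxy knows '/' as the only separator and compares the path as received,
    still percent-encoded, so '..%5Cadmin' is an ordinary segment name to it.
    """
    norm = normalize(path)
    return norm is not None and (norm + "/").startswith(context)


def backend_resolve(path: str, allow_encoded_slash: bool = False,
                    allow_backslash: bool = False):
    """Tomcat-style decoding of the forwarded path (assumed, simplified).

    allow_encoded_slash models org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH
    allow_backslash     models org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH
    Returns (status, resolved_path) or (400, reason).
    """
    if not allow_encoded_slash and "%2f" in path.lower():
        return 400, "encoded slash rejected"
    decoded = unquote(path)            # %5C turns into a literal backslash here
    if "\\" in decoded:
        if not allow_backslash:
            return 400, "backslash rejected"
        decoded = decoded.replace("\\", "/")
    norm = normalize(decoded)
    if norm is None:
        return 400, "path escapes root"
    return 200, norm


def context_bypass(path: str, context: str = "/app/", **flags) -> bool:
    """True when the proxy forwards the request but the back-end serves it outside the context."""
    if not proxy_forwards(path, context):
        return False
    status, resolved = backend_resolve(path, **flags)
    return status == 200 and not (resolved + "/").startswith(context)


if __name__ == "__main__":
    probes = ("/app/login", "/app/../admin/users",
              "/app/..%5Cadmin/users", "/app/..\\admin/users")
    for p in probes:
        print(p,
              "| proxy forwards:", proxy_forwards(p),
              "| permissive back-end:", backend_resolve(p, True, True),
              "| default back-end:", backend_resolve(p),
              "| bypass with both flags on:",
              context_bypass(p, allow_encoded_slash=True, allow_backslash=True))
```

Run as-is, the plain "/app/../admin/users" probe is caught by the proxy's own normalization, while "/app/..%5Cadmin/users" passes the proxy and is resolved to /admin/users by the permissive back-end; with both flags at their post-update default of false the same request gets a 400, which is the behaviour the advisory's note describes.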
Original Source

Url : https://rhn.redhat.com/errata/RHSA-2007-0360.html
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-33 | HTTP Request Smuggling |
CAPEC-105 | HTTP Request Splitting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions

Definition Id | oval:org.mitre.oval:def:10499
---|---
Title / Description | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Family | unix
Class | vulnerability
Reference(s) | CVE-2005-2090
Version | 5
Platform(s) | Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Product(s) | (none listed)

Definition Id | oval:org.mitre.oval:def:10643
---|---
Title / Description | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
Family | unix
Class | vulnerability
Reference(s) | CVE-2007-0450
Version | 5
Platform(s) | Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Product(s) | (none listed)
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for jakarta-tomcat File : nvt/sles9p5012618.nasl |
2009-10-10 | Name : SLES9: Security update for Tomcat File : nvt/sles9p5021793.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX02262 File : nvt/gb_hp_ux_HPSBUX02262.nasl |
2009-04-09 | Name : Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5) File : nvt/gb_mandriva_MDKSA_2007_241.nasl |
2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-03 (tomcat) File : nvt/glsa_200705_03.nasl |
2008-09-04 | Name : FreeBSD Ports: apache-tomcat File : nvt/freebsd_apache-tomcat0.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43452 | Apache Tomcat HTTP Request Smuggling |
34769 | Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access Apache Tomcat when configured to use the Proxy module contains a flaw that may allow a remote attacker to gain access to privileged information. The issue is due to the server not properly sanitizing user requested URIs containing crafted sequences with combinations of the "/" (slash), "\" (backslash) and a URL-encoded backslash (%5C) characters. This may allow an attacker to use a URI with a crafted traversal sequence and access arbitrary files. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17502 - Revision : 8 - Type : SERVER-APACHE |
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17501 - Revision : 8 - Type : SERVER-APACHE |
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17500 - Revision : 7 - Type : SERVER-APACHE |
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17499 - Revision : 7 - Type : SERVER-APACHE |
2014-01-10 | Apache Tomcat UNIX platform directory traversal RuleID : 17498 - Revision : 8 - Type : SERVER-APACHE |
2014-01-10 | Multiple products UNIX platform backslash directory traversal attempt RuleID : 17391 - Revision : 16 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_tomcat_20140522.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0343.nasl - Type : ACT_GATHER_INFO |
2014-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0344.nasl - Type : ACT_GATHER_INFO |
2014-02-25 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_39.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070717_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_36.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote web server is affected by an HTTP request smuggling vulnerability. File : tomcat_5_5_23.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_13.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1069.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2010-01-04 | Name : The remote web server is affected by a directory traversal vulnerability. File : tomcat_proxy_directory_traversal.nasl - Type : ACT_ATTACK |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12078.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-241.nasl - Type : ACT_GATHER_INFO |
2008-02-29 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_jk-4992.nasl - Type : ACT_GATHER_INFO |
2008-02-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-4990.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-3951.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_tomcat5-3950.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-007.nasl - Type : ACT_GATHER_INFO |
2007-07-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_872623af39ec11dcb8cc000fea449b8a.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
2007-05-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0327.nasl - Type : ACT_GATHER_INFO |
2007-05-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-03.nasl - Type : ACT_GATHER_INFO |