Test Kennung:	1.3.6.1.4.1.25623.1.0.808629
Kategorie:	Web Servers
Titel:	Apache Tomcat 'CGI Servlet' MITM Vulnerability
Zusammenfassung:	Apache Tomcat is prone to a man-in-the-middle (MITM) vulnerability.
Beschreibung:	Summary: Apache Tomcat is prone to a man-in-the-middle (MITM) vulnerability. Vulnerability Insight: The flaw is due to 'CGI Servlet' does not protect applications from the presence of untrusted client data in the 'HTTP_PROXY' environment variable. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts. Affected Software/OS: Apache Tomcat versions 8.5.4 and prior. Solution: Information is available and linked in the references about a configuration or deployment scenario that helps to reduce the risk of the vulnerability. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5388 1036331 http://www.securitytracker.com/id/1036331 91818 http://www.securityfocus.com/bid/91818 RHSA-2016:1624 http://rhn.redhat.com/errata/RHSA-2016-1624.html RHSA-2016:1635 https://access.redhat.com/errata/RHSA-2016:1635 RHSA-2016:1636 https://access.redhat.com/errata/RHSA-2016:1636 RHSA-2016:2045 http://rhn.redhat.com/errata/RHSA-2016-2045.html RHSA-2016:2046 http://rhn.redhat.com/errata/RHSA-2016-2046.html VU#797896 http://www.kb.cert.org/vuls/id/797896 [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E [activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries. https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E [activemq-issues] 20190925 [jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E [debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html [tomcat-users] 20200813 CVE reporting discrepencies https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E [tomcat-users] 20200813 Re: CVE reporting discrepencies https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E [tomcat-users] 20200814 Re: CVE reporting discrepencies https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://httpoxy.org/ https://tomcat.apache.org/tomcat-7.0-doc/changelog.html https://www.apache.org/security/asf-httpoxy-response.txt openSUSE-SU-2016:2252 http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.