Description: | Summary: Apache Tomcat Server is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws are due to:
- An error in the 'XML parser' used for other web applications, which allows local users to read or modify the web.xml, context.xml, or tld files via a crafted application that is loaded earlier than the target application.
- An error when FORM authentication is used, which allows enumeration of valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the MemoryRealm, DataSourceRealm, and JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
- An error when the 'Java AJP connector' and 'mod_jk load balancing' are used, which can be triggered via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Vulnerability Impact: Successful exploitation could lead to remote code execution, allow an attacker to gain full permissions on the affected file, and cause a denial of service.
Affected Software/OS: Apache Tomcat version 6.0.0 to 6.0.18
Apache Tomcat version 5.5.0 to 5.5.27
Apache Tomcat version 4.1.0 to 4.1.39
Solution: Upgrade to Apache Tomcat version 4.1.40, or 5.5.28, or 6.0.20 or later.
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
|