Amazon: ALAS-2016-681
Mar 29, 2016 - 3:30 p.m.

Medium: tomcat6

2016-03-29 15:30:00
alas.aws.amazon.com

CVSS3: 8.8 High

    Attack Vector: NETWORK
    Attack Complexity: LOW
    Privileges Required: LOW
    User Interaction: NONE
    Scope: UNCHANGED
    Confidentiality Impact: HIGH
    Integrity Impact: HIGH
    Availability Impact: HIGH
    Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium

    Access Vector: NETWORK
    Access Complexity: LOW
    Authentication: SINGLE
    Confidentiality Impact: PARTIAL
    Integrity Impact: PARTIAL
    Availability Impact: PARTIAL
    Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.007 Low (Percentile: 80.3%)

Issue Overview:

A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)

The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345)

The session-persistence implementation was discovered to mishandle session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (CVE-2016-0714)

It was discovered that org.apache.catalina.manager.StatusManagerServlet was not placed on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (CVE-2016-0706)

Affected Packages:

tomcat6

Issue Correction:
Run yum update tomcat6 to update your system.

New Packages:

noarch:  
    tomcat6-jsp-2.1-api-6.0.45-1.4.amzn1.noarch  
    tomcat6-6.0.45-1.4.amzn1.noarch  
    tomcat6-admin-webapps-6.0.45-1.4.amzn1.noarch  
    tomcat6-servlet-2.5-api-6.0.45-1.4.amzn1.noarch  
    tomcat6-docs-webapp-6.0.45-1.4.amzn1.noarch  
    tomcat6-el-2.1-api-6.0.45-1.4.amzn1.noarch  
    tomcat6-webapps-6.0.45-1.4.amzn1.noarch  
    tomcat6-lib-6.0.45-1.4.amzn1.noarch  
    tomcat6-javadoc-6.0.45-1.4.amzn1.noarch  
  
src:  
    tomcat6-6.0.45-1.4.amzn1.src  
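
One way to confirm the update reached a host, as an added example that is not part of the Amazon advisory: the Python below compares installed tomcat6 package versions against the fixed 6.0.45-1.4.amzn1 using rpm's segment-wise ordering, which a plain string comparison gets wrong (1.10 sorts after 1.4). The sample inventory is constructed, epochs are assumed equal, and rpm's ~ and ^ markers are not handled.

```python
import re

# Fixed version-release taken from the "New Packages" list of this advisory.
FIXED_EVR = "6.0.45-1.4.amzn1"

# Constructed sample, in the shape printed by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'tomcat6*'
SAMPLE = """\
tomcat6 6.0.44-1.3.amzn1
tomcat6-lib 6.0.45-1.4.amzn1
tomcat6-servlet-2.5-api 6.0.45-1.10.amzn1
tomcat7 7.0.67-1.13.amzn1
"""

def rpmvercmp(a, b):
    """Order two version (or release) strings segment by segment, as rpm does."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epochs are assumed equal."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(inventory):
    """Return (name, version-release) for tomcat6 packages older than the fix."""
    stale = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].startswith("tomcat6"):
            continue                         # ignore blank lines and other packages
        name, evr = parts
        if evr_cmp(evr, FIXED_EVR) < 0:
            stale.append((name, evr))
    return stale

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_EVR}: run yum update tomcat6")
```
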

Additional References

Red Hat: CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714

Mitre: CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714
