Lucene search

K
ibmIBM2D7C485C705EF6647EC2ADDB5048FDAE46343DAD18C74DA4CF56006EB314660D
HistoryJan 27, 2023 - 10:54 a.m.

Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

2023-01-2710:54:22
www.ibm.com
57
ibm tivoli application dependency discovery manager
apache tomcat
vulnerabilities

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.971

Percentile

99.8%

Summary

IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of Apache Tomcat libraries (CVE-2005-3164, CVE-2005-4836, CVE-2005-4838, CVE-2007-2449, CVE-2007-5461, CVE-2008-0128, CVE-2007-5333, CVE-2008-1232, CVE-2008-2370, CVE-2008-4308, CVE-2009-0781, CVE-2008-5519, CVE-2009-0033, CVE-2009-0580, CVE-2009-0783, CVE-2008-5515, CVE-2009-3548, CVE-2009-2696, CVE-2012-5568, CVE-2013-6357, CVE-2013-2185, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2013-4444, CVE-2020-8022)

Vulnerability Details

CVEID:CVE-2005-3164
**DESCRIPTION:**The Hitachi Cosminexus Application Server could disclose sensitive information. A remote attacker could send a specially-crafted HTTP post request without a body to obtain the body data from the previous HTTP request. A remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/22506 for the current score.
CVSS Vector:

CVEID:CVE-2005-4836
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to reject NULL bytes in a URL by the HTTP/1.1 connector. If allowLinking=“true” is configured for the contexts, an attacker could exploit this vulnerability to read JSP files and obtain sensitive information.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/40736 for the current score.
CVSS Vector:

CVEID:CVE-2005-4838
**DESCRIPTION:**Apache Tomcat is vulnerable to cross-site scripting. A remote authenticated attacker could embed malicious script in a URL request to the Tomcat Manager, which would be executed in the victim’s Web browser within the security context of the hosting site, `once the link is clicked.
CVSS Base score: 3.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/18790 for the current score.
CVSS Vector:

CVEID:CVE-2007-2449
**DESCRIPTION:**Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the JSP example Web application. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/34869 for the current score.
CVSS Vector:

CVEID:CVE-2007-5461
**DESCRIPTION:**Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14,under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
CVSS Base score: 3.5
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVEID:CVE-2008-0128
**DESCRIPTION:**Apache Tomcat could allow a remote attacker from within the local network to obtain sensitive information. When the SingleSignOn valve is set up to work over HTTPS, the JSESSIONIDSSO cookie is transmitted over insecure channels. By sending an HTTP request, an attacker could exploit this vulnerability to obtain the cookie and other sensitive information.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/39804 for the current score.
CVSS Vector: (AV:A/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2007-5333
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused improper handling of quotes and %5C character sequences within cookie values. An attacker could exploit this vulnerability to obtain cookie information, including the session ID.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/40403 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2008-1232
**DESCRIPTION:**Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HttpServletResponse.sendError() function. A remote attacker could exploit this vulnerability using the “Reason-Phrase” of an HTTP response to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/44155 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2008-2370
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to traverse directories on the system, caused by the normalization of the target path prior to removing the query string from the URI when using a RequestDispatcher. An attacker could send a specially-crafted request containing “dot dot” sequences (/…/) in the request parameter to read arbitrary files on the system.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/44156 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2008-4308
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper processing of POST data by the doRead method. A remote attacker could exploit this vulnerability to obtain the stored information of previous POST requests. Note: This vulnerability also affects multiple Fujitsu INTERSTAGE products.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/48934 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2009-0781
**DESCRIPTION:**Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jsp/cal/cal2.jsp script in the calendar application within the examples Web application. A remote attacker could exploit this vulnerability using the time parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/49213 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2008-5519
**DESCRIPTION:**The mod_jk module for Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when handing certain HTTP requests. By sending multiple HTTP POST requests containing a specially-crafted Content-Length header, an attacker could exploit this vulnerability to obtain response data intended for the victim.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/49725 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID:CVE-2009-0033
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of header files by the Java AJP connector. By sending a specially-crafted HTTP header request, a remote attacker could exploit this vulnerability to block the mod_jk load balancer which temporarily blocks connectivity to the server.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/50928 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2009-0580
**DESCRIPTION:**Apache Tomcat could allow an attacker to obtain sensitive information, caused by an error in the authentication form. A different password prompt is returned when a login attempt is made via an invalid username. If j_security_check is used in conjunction with MemoryRealm, DataSourceRealm, or JDBCRealm, a remote attacker could exploit this vulnerability, using brute force techniques, to enumerate valid usernames and gain unauthorized access to the system.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/50930 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2009-0783
**DESCRIPTION:**Apache Tomcat could allow a local attacker to obtain sensitive information, caused by the replacement of an XML parser by Web applications. A local attacker could exploit this vulnerability using a previously loaded application to read the we.xml, context.xml, or tld files of other applications.
CVSS Base score: 2.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/51195 for the current score.
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2008-5515
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the normalization of the target path prior to filtering the query string when using a RequestDispatcher. An attacker could send a specially-crafted request containing “dot dot” sequences (/…/) and the WEB-INF directory in the request parameter to gain unauthorized access to the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/51365 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID:CVE-2009-3548
**DESCRIPTION:**The Apache Tomcat Windows installer defaults to a blank password for the admin account when one is not provided during the installation process. A remote attacker could exploit this vulnerability to gain administrative access to the application.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/54182 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID:CVE-2009-2696
**DESCRIPTION:**Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jsp/cal/cal2.jsp script in the calendar application within the examples Web application. A remote attacker could exploit this vulnerability using the time parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/60962 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2012-5568
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by a slowloris attack. By opening connections to the web server and sending a partial request accompanied with partial HTTP headers, a remote attacker could keep the connections open and prevent further connection attempts from clients.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/80317 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVEID:CVE-2013-6357
**DESCRIPTION:**Apache Tomcat is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the Manager application. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88471 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2013-2185
**DESCRIPTION:**Red Hat JBoss Enterprise Application Platform could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the implementation of the DiskFileItem class. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability using serialized instance of the DiskFileItem class to upload a file containing a NULL byte, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/87273 for the current score.
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVEID:CVE-2013-4286
**DESCRIPTION:**Apache Tomcat is vulnerable to HTTP request smuggling, caused by an incomplete fix related to the handling of malicious request. By sending a specially-crafted request in a Transfer-Encoding: chunked header and a Content-length header to the Apache HTTP server that will be reassembled with the original Content-Length header value, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/91426 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2013-4322
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix related to the processing of chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/91625 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2013-4590
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when running untrusted web applications. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/91424 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID:CVE-2014-0075
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by an integer overflow in the parseChunkHeader function. A remote attacker could exploit this vulnerability using a malformed chunk size as part of a chunked request to consume all available resources.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93365 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2014-0096
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93367 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID:CVE-2014-0099
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93369 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2014-0119
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93368 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2013-4444
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the File Upload feature. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious JSP, which could allow the attacker to execute arbitrary JSP code on the vulnerable system.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/95876 for the current score.
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVEID:CVE-2020-8022
**DESCRIPTION:**tomcat package for openSUSE could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permission flaw. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184110 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0-7.3.0.9

Remediation/Fixes

TADDM FixPack 7.3.0.10 has been released. Please upgrade to 7.3.0.10 to resolve known vulnerabilities at the date of release.

Please refer to below URL to download TADDM FixPack 7.3.0.10.

Fix How to acquire fix
7.3-TIV-ITADDM-FP00010 Download FixPack

Please refer to URL below for more information on TADDM FixPack 7.3.0.10.

<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_application_dependency_discovery_managerMatch7.3.0.0
OR
ibmtivoli_application_dependency_discovery_managerMatch7.3.0.9

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.971

Percentile

99.8%