5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Security vulnerabilities exist in Apache Tomcat which is shipped with IBM WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4.
CVE ID:CVE-2013-4286
DESCRIPTION: Apache Tomcat before 6.0.39, and 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request’s length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a “Transfer-Encoding: chunked” header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91426> for the current score
CVSS Environmental Score:* Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE ID:CVE-2014-0033
DESCRIPTION: org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91423> for the current score
CVSS Environmental Score:* Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE ID:CVE-2013-4322
DESCRIPTION: Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91625> for the current score
CVSS Environmental Score:* Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE ID:CVE-2013-4590
DESCRIPTION: Apache Tomcat before 6.0.39, and 7.x before 7.0.50 allows attackers to obtain “Tomcat internals” information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91424> for the current score
CVSS Environmental Score:* Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
WASCE 2.1.1.6 and WASCE 3.0.0.4
WASCE 2.1.1.6:
1.Please download the patch file.TomcatSecurityPatch2.1.1.6.zip
2.Unzip the attached file into the WebSphere Application Server Community Edition installation directory, and ensure the files listed in the zip file replace the ones in the server installation directory.
3.Start WASCE 2.1.1.6 server.
Notice: Recommend setting the JVM PermGen maximum size to 512MB if running WASCE 2.1.1.6 server with Oracle JDK. About how to configure PermGen size, please follow the instruction below.
Windows
Add the line into <WASCE_Installation_Dir>\bin\geronimo.bat.
set JAVA_OPTS=%JAVA_OPTS% -XX:PermSize=512M
Please check geronimo.bat sample.geronimo.bat
Unix/Linux
Add the line into <WASCE_Installation_Dir>\bin\geronimo.sh.
JAVA_OPTS=“'$JAVA_OPTS -XX:MaxPermSize=512M”
Please check geronimo.sh sample.geronimo.sh
WASCE 3.0.0.4:
1.Please download the patch file.TomcatSecurityPatch3.0.0.4.zip
2.Unzip the attached file into the WebSphere Application Server Community Edition installation directory, and ensure the files listed in the zip file replace the ones in the server installation directory.
3.Start WASCE 3.0.0.4 server with the cache cleaned, for example,
Window
<WAS_CE_HOME>\bin\startup -c
Unix/Linux
<WAS_CE_HOME>/bin/startup.sh -c