{"modified": "2013-06-20T00:00:00", "id": "ELSA-2013-0964", "title": "tomcat6 security update", "edition": 1, "viewCount": 0, "objectVersion": "1.2", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2016-09-04T11:16:24", "description": "[0:6.0.24-57]\n- Related: CVE-2013-2067 Session fixation\n[0:6.0.24-56]\n- Resolves: CVE-2013-2067 session fixation", "href": "http://linux.oracle.com/errata/ELSA-2013-0964.html", "cvelist": ["CVE-2013-2067"], "published": "2013-06-20T00:00:00", "history": [], "reporter": "Oracle", "affectedPackage": [{"packageFilename": "tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-jsp-2.1-api"}, {"packageFilename": "tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-jsp-2.1-api"}, {"packageFilename": "tomcat6-6.0.24-57.el6_4.src.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "src", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6"}, {"packageFilename": "tomcat6-6.0.24-57.el6_4.src.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "src", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6"}, {"packageFilename": "tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-webapps"}, {"packageFilename": "tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-webapps"}, {"packageFilename": "tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-el-2.1-api"}, {"packageFilename": "tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-el-2.1-api"}, {"packageFilename": "tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-javadoc"}, {"packageFilename": "tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-javadoc"}, {"packageFilename": "tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-docs-webapp"}, {"packageFilename": "tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-docs-webapp"}, {"packageFilename": "tomcat6-lib-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-lib"}, {"packageFilename": "tomcat6-lib-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-lib"}, {"packageFilename": "tomcat6-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6"}, {"packageFilename": "tomcat6-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6"}, {"packageFilename": "tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-servlet-2.5-api"}, {"packageFilename": "tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-servlet-2.5-api"}, {"packageFilename": "tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-admin-webapps"}, {"packageFilename": "tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm", "packageVersion": "6.0.24-57.el6_4", "OS": "Oracle Linux", "arch": "noarch", "OSVersion": "6", "operator": "lt", "packageName": "tomcat6-admin-webapps"}], "references": [], "bulletinFamily": "unix", "hash": "0c18752d2a1774800f5115a64cdd6482de275f4b2b09ad4f83c8ed72771e7f5a", "enchantments": {"vulnersScore": 8.2}}

{"result": {"cve": [{"id": "CVE-2013-2067", "type": "cve", "title": "CVE-2013-2067", "description": "java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.", "published": "2013-06-01T10:21:05", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2067", "cvelist": ["CVE-2013-2067"], "lastseen": "2017-04-18T15:53:49"}], "openvas": [{"id": "OPENVAS:1361412562310803636", "type": "openvas", "title": "Apache Tomcat Session Fixation Vulnerability (Windows)", "description": "The host is running Apache Tomcat Server and is prone to session\n fixation vulnerability.", "published": "2013-06-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803636", "cvelist": ["CVE-2013-2067"], "lastseen": "2017-07-02T21:11:20"}, {"id": "OPENVAS:881750", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2013:0964 centos6 ", "description": "Check for the Version of tomcat6", "published": "2013-06-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881750", "cvelist": ["CVE-2013-2067"], "lastseen": "2017-07-25T10:51:58"}, {"id": "OPENVAS:1361412562310123606", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0964", "description": "Oracle Linux Local Security Checks ELSA-2013-0964", "published": "2015-10-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123606", "cvelist": ["CVE-2013-2067"], "lastseen": "2017-07-24T12:52:55"}, {"id": "OPENVAS:871011", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2013:0964-01", "description": "Check for the Version of tomcat6", "published": "2013-06-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=871011", "cvelist": ["CVE-2013-2067"], "lastseen": "2017-07-27T10:52:00"}, {"id": "OPENVAS:841442", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-1841-1", "description": "Check for the Version of tomcat7", "published": "2013-05-31T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841442", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "lastseen": "2017-07-25T10:51:31"}, {"id": "OPENVAS:702897", "type": "openvas", "title": "Debian Security Advisory DSA 2897-1 (tomcat7 - security update)", "description": "Multiple security issues were found\nin the Tomcat servlet and JSP engine:\n\nCVE-2013-2067\nFORM authentication associates the most recent request requiring\nauthentication with the current session. By repeatedly sending a request\nfor an authenticated resource while the victim is completing the login\nform, an attacker could inject a request that would be executed using the\nvictim", "published": "2014-04-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702897", "cvelist": ["CVE-2013-2071", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286"], "lastseen": "2017-07-24T12:52:32"}, {"id": "OPENVAS:892725", "type": "openvas", "title": "Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)", "description": "Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544 \nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067 \nThe FormAuthenticator module was vulnerable to session fixation.", "published": "2013-07-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=892725", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "lastseen": "2017-07-24T12:51:31"}, {"id": "OPENVAS:1361412562310121315", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201412-29", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201412-29", "published": "2015-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121315", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2012-5887", "CVE-2014-0099", "CVE-2014-0119", "CVE-2013-4322", "CVE-2012-4431", "CVE-2012-2733", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286", "CVE-2013-4590", "CVE-2014-0096", "CVE-2014-0075", "CVE-2012-3546", "CVE-2012-5886", "CVE-2014-0033", "CVE-2012-4534", "CVE-2012-5885"], "lastseen": "2017-07-24T12:52:46"}], "nessus": [{"id": "TOMCAT_7_0_33.NASL", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.33 Session Fixation", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.0 listening on the remote host is prior to 7.0.33. It is, therefore, affected by an error related to HTML form authentication and session fixation that allows an attacker to carry out requests using a victim's credentials.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2013-05-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66427", "cvelist": ["CVE-2013-2067"], "lastseen": "2016-09-26T17:25:46"}, {"id": "CENTOS_RHSA-2013-0964.NASL", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2013:0964)", "description": "Updated tomcat6 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user.\n(CVE-2013-2067)\n\nUsers of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.", "published": "2013-06-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66965", "cvelist": ["CVE-2013-2067"], "lastseen": "2016-09-26T17:25:22"}, {"id": "REDHAT-RHSA-2013-0964.NASL", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2013:0964)", "description": "Updated tomcat6 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user.\n(CVE-2013-2067)\n\nUsers of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.", "published": "2013-06-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66949", "cvelist": ["CVE-2013-2067"], "lastseen": "2017-01-06T02:14:46"}, {"id": "SL_20130620_TOMCAT6_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch)", "description": "A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user.\n(CVE-2013-2067)\n\nTomcat must be restarted for this update to take effect.", "published": "2013-06-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66952", "cvelist": ["CVE-2013-2067"], "lastseen": "2016-09-26T17:26:16"}, {"id": "ORACLELINUX_ELSA-2013-0964.NASL", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2013-0964)", "description": "From Red Hat Security Advisory 2013:0964 :\n\nUpdated tomcat6 packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user.\n(CVE-2013-2067)\n\nUsers of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68838", "cvelist": ["CVE-2013-2067"], "lastseen": "2016-09-26T17:23:33"}, {"id": "SOLARIS11_TOMCAT_20140401_2.NASL", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_tomcat)", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. (CVE-2012-3544)\n\n - java/org/apache/catalina/authenticator/FormAuthenticator .java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.\n (CVE-2013-2067)", "published": "2015-01-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80792", "cvelist": ["CVE-2012-3544", "CVE-2013-2067"], "lastseen": "2016-09-26T17:25:06"}, {"id": "TOMCAT_6_0_37.NASL", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to 6.0.37. It is, therefore, affected by multiple vulnerabilities :\n\n - An error exists related to chunked transfer encoding and extensions that allows limited denial of service attacks. (CVE-2012-3544)\n\n - An error exists related to HTML form authentication and session fixation that allows an attacker to carry out requests using a victim's credentials. (CVE-2013-2067)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2013-05-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66426", "cvelist": ["CVE-2012-3544", "CVE-2013-2067"], "lastseen": "2016-09-26T17:24:35"}, {"id": "DEBIAN_DSA-2725.NASL", "type": "nessus", "title": "Debian DSA-2725-1 : tomcat6 - several vulnerabilities", "description": "Two security issues have been found in the Tomcat servlet and JSP engine :\n\n - CVE-2012-3544 The input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service.\n\n - CVE-2013-2067 The FormAuthenticator module was vulnerable to session fixation.", "published": "2013-07-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68971", "cvelist": ["CVE-2012-3544", "CVE-2013-2067"], "lastseen": "2016-09-26T17:25:16"}, {"id": "UBUNTU_USN-1841-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : tomcat6, tomcat7 vulnerabilities (USN-1841-1)", "description": "It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-3544)\n\nIt was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-2067)\n\nIt was discovered that Tomcat sometimes exposed elements of a previous request to the current request. This could allow a remote attacker to possibly obtain sensitive information. This issue only affected Ubuntu 12.10 and Ubuntu 13.04. (CVE-2013-2071).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-05-29T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66670", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "lastseen": "2016-09-26T17:25:57"}, {"id": "OPENSUSE-2013-633.NASL", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-SU-2013:1307-1)", "description": "Tomcat was updated to fix security issues and bug: CVE-2013-1976:\nAvoid a potential symlink race during startup of the tomcat server, where a local attacker that gaine access to the tomcat chroot could escalate privileges to root.\n\nCVE-2013-2067:\njava/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat did not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.\n\nCVE-2012-3544: Tomcat were affected by a chunked transfer encoding extension size denial of service vulnerability.\n\nAlso the following bug was fixed :\n\n - Fix tomcat init scripts generating malformed classpath (http://youtrack.jetbrains.com/issue/JT-18545) bnc#804992", "published": "2014-06-13T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75107", "cvelist": ["CVE-2012-3544", "CVE-2013-2067", "CVE-2013-1976"], "lastseen": "2016-09-26T17:25:07"}], "redhat": [{"id": "RHSA-2013:0964", "type": "redhat", "title": "(RHSA-2013:0964) Moderate: tomcat6 security update", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker's requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nUsers of Tomcat are advised to upgrade to these updated packages, which\ncorrect this issue. Tomcat must be restarted for this update to take\neffect.\n", "published": "2013-06-20T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0964", "cvelist": ["CVE-2013-2067"], "lastseen": "2017-03-05T09:18:40"}, {"id": "RHSA-2013:1012", "type": "redhat", "title": "(RHSA-2013:1012) Moderate: Red Hat JBoss Web Server 2.0.1 update", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module's manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user's manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim's browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker's requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user's request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 6\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.", "published": "2013-07-03T19:40:17", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1012", "cvelist": ["CVE-2012-3544", "CVE-2012-4558", "CVE-2013-2071", "CVE-2013-2067", "CVE-2012-3499"], "lastseen": "2017-03-31T19:19:39"}, {"id": "RHSA-2013:1011", "type": "redhat", "title": "(RHSA-2013:1011) Moderate: Red Hat JBoss Web Server 2.0.1 update", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module's manager web interface. If a remote attacker\ncould trick a user, who was logged into the manager web interface, into\nvisiting a specially-crafted URL, it would lead to arbitrary web script\nexecution in the context of the user's manager interface session.\n(CVE-2012-4558)\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim's browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module.\nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker's requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user's request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed.\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect.\n", "published": "2013-07-03T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1011", "cvelist": ["CVE-2012-3544", "CVE-2012-4558", "CVE-2013-2071", "CVE-2013-2067", "CVE-2012-3499"], "lastseen": "2016-09-04T11:17:58"}, {"id": "RHSA-2013:0839", "type": "redhat", "title": "(RHSA-2013:0839) Important: JBoss Enterprise Application Platform 6.1.0 update", "description": "JBoss Enterprise Application Platform 6 is a platform for Java applications\nbased on JBoss Application Server 7.\n\nThis release serves as a replacement for JBoss Enterprise Application\nPlatform 6.0.1, and includes bug fixes and enhancements. Refer to the 6.1.0\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nSecurity fixes:\n\nXML encryption backwards compatibility attacks were found against various\nframeworks, including Apache CXF. An attacker could force a server to use\ninsecure, legacy cryptosystems, even when secure cryptosystems were enabled\non endpoints. By forcing the use of legacy cryptosystems, flaws such as\nCVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be\nrecovered from cryptograms and symmetric keys. (CVE-2012-5575)\n\nNote: Automatic checks to prevent CVE-2012-5575 are only run when\nWS-SecurityPolicy is used to enforce security requirements. It is best\npractice to use WS-SecurityPolicy to enforce security requirements.\n\nWhen applications running on JBoss Web used the COOKIE session tracking\nmethod, the org.apache.catalina.connector.Response.encodeURL() method\nreturned the URL with the jsessionid appended as a query string parameter\nwhen processing the first request of a session. An attacker could possibly\nexploit this flaw by performing a man-in-the-middle attack to obtain a\nuser's jsessionid and hijack their session, or by extracting the jsessionid\nfrom log files. Note that no session tracking method is used by default,\none must be configured. (CVE-2012-4529)\n\nIf multiple applications used the same custom authorization module class\nname, and provided their own implementations of it, the first application\nto be loaded will have its implementation used for all other applications\nusing the same custom authorization module class name. A local attacker\ncould use this flaw to deploy a malicious application that provides\nimplementations of custom authorization modules that permit or deny user\naccess according to rules supplied by the attacker. (CVE-2012-4572)\n\nRed Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj\nSomorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.\nCVE-2012-4572 was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team.\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications.\nRefer to the Solution section for further details.\n\nAll users of JBoss Enterprise Application Platform 6.0.1 on Red Hat\nEnterprise Linux 5 are advised to upgrade to these updated packages. The\nJBoss server process must be restarted for the update to take effect.\n", "published": "2013-05-20T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0839", "cvelist": ["CVE-2011-2487", "CVE-2012-4572", "CVE-2012-5575", "CVE-2012-4529", "CVE-2011-1096", "CVE-2013-2067"], "lastseen": "2016-11-25T14:52:29"}, {"id": "RHSA-2013:0834", "type": "redhat", "title": "(RHSA-2013:0834) Important: JBoss Enterprise Application Platform 6.1.0 update", "description": "JBoss Enterprise Application Platform 6 is a platform for Java applications\nbased on JBoss Application Server 7.\n\nThis release serves as a replacement for JBoss Enterprise Application\nPlatform 6.0.1, and includes bug fixes and enhancements. Refer to the 6.1.0\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nSecurity fixes:\n\nXML encryption backwards compatibility attacks were found against various\nframeworks, including Apache CXF. An attacker could force a server to use\ninsecure, legacy cryptosystems, even when secure cryptosystems were enabled\non endpoints. By forcing the use of legacy cryptosystems, flaws such as\nCVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be\nrecovered from cryptograms and symmetric keys. (CVE-2012-5575)\n\nNote: Automatic checks to prevent CVE-2012-5575 are only run when\nWS-SecurityPolicy is used to enforce security requirements. It is best\npractice to use WS-SecurityPolicy to enforce security requirements.\n\nWhen applications running on JBoss Web used the COOKIE session tracking\nmethod, the org.apache.catalina.connector.Response.encodeURL() method\nreturned the URL with the jsessionid appended as a query string parameter\nwhen processing the first request of a session. An attacker could possibly\nexploit this flaw by performing a man-in-the-middle attack to obtain a\nuser's jsessionid and hijack their session, or by extracting the jsessionid\nfrom log files. Note that no session tracking method is used by default,\none must be configured. (CVE-2012-4529)\n\nIf multiple applications used the same custom authorization module class\nname, and provided their own implementations of it, the first application\nto be loaded will have its implementation used for all other applications\nusing the same custom authorization module class name. A local attacker\ncould use this flaw to deploy a malicious application that provides\nimplementations of custom authorization modules that permit or deny user\naccess according to rules supplied by the attacker. (CVE-2012-4572)\n\nRed Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj\nSomorovsky of Ruhr-University Bochum for reporting CVE-2012-5575.\nCVE-2012-4572 was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team.\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications.\nRefer to the Solution section for further details.\n\nAll users of JBoss Enterprise Application Platform 6.0.1 on Red Hat\nEnterprise Linux 6 are advised to upgrade to these updated packages. The\nJBoss server process must be restarted for the update to take effect.\n", "published": "2013-05-20T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0834", "cvelist": ["CVE-2011-2487", "CVE-2012-4572", "CVE-2012-5575", "CVE-2012-4529", "CVE-2011-1096", "CVE-2013-2067"], "lastseen": "2017-03-03T11:18:39"}], "centos": [{"id": "CESA-2013:0964", "type": "centos", "title": "tomcat6 security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0964\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/019801.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0964.html", "published": "2013-06-20T17:46:38", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/019801.html", "cvelist": ["CVE-2013-2067"], "lastseen": "2016-12-05T20:08:05"}], "debian": [{"id": "DSA-2725", "type": "debian", "title": "tomcat6 -- several vulnerabilities", "description": "Two security issues have been found in the Tomcat servlet and JSP engine:\n\n * [CVE-2012-3544](<https://security-tracker.debian.org/tracker/CVE-2012-3544>)\n\nThe input filter for chunked transfer encodings could trigger high resource consumption through malformed CRLF sequences, resulting in denial of service.\n\n * [CVE-2013-2067](<https://security-tracker.debian.org/tracker/CVE-2013-2067>)\n\nThe FormAuthenticator module was vulnerable to session fixation.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 6.0.35-1+squeeze3. This update also provides fixes for [CVE-2012-2733](<https://security-tracker.debian.org/tracker/CVE-2012-2733>), [CVE-2012-3546](<https://security-tracker.debian.org/tracker/CVE-2012-3546>), [CVE-2012-4431](<https://security-tracker.debian.org/tracker/CVE-2012-4431>), [CVE-2012-4534](<https://security-tracker.debian.org/tracker/CVE-2012-4534>), [CVE-2012-5885](<https://security-tracker.debian.org/tracker/CVE-2012-5885>), [CVE-2012-5886](<https://security-tracker.debian.org/tracker/CVE-2012-5886>) and [CVE-2012-5887](<https://security-tracker.debian.org/tracker/CVE-2012-5887>), which were all fixed for stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 6.0.35-6+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tomcat6 packages.", "published": "2013-07-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2725", "cvelist": ["CVE-2012-3544", "CVE-2013-2067"], "lastseen": "2016-09-02T18:34:19"}, {"id": "DSA-2897", "type": "debian", "title": "tomcat7 -- security update", "description": "Multiple security issues were found in the Tomcat servlet and JSP engine:\n\n * [CVE-2013-2067](<https://security-tracker.debian.org/tracker/CVE-2013-2067>)\n\nFORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.\n\n * [CVE-2013-2071](<https://security-tracker.debian.org/tracker/CVE-2013-2071>)\n\nA runtime exception in AsyncListener.onComplete() prevents the request from being recycled. This may expose elements of a previous request to a current request.\n\n * [CVE-2013-4286](<https://security-tracker.debian.org/tracker/CVE-2013-4286>)\n\nReject requests with multiple content-length headers or with a content-length header when chunked encoding is being used.\n\n * [CVE-2013-4322](<https://security-tracker.debian.org/tracker/CVE-2013-4322>)\n\nWhen processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited denial of service by streaming an unlimited amount of data to the server.\n\n * [CVE-2014-0050](<https://security-tracker.debian.org/tracker/CVE-2014-0050>)\n\nMultipart requests with a malformed Content-Type header could trigger an infinite loop causing a denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in version 7.0.52-1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 7.0.52-1.\n\nWe recommend that you upgrade your tomcat7 packages.", "published": "2014-04-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2897", "cvelist": ["CVE-2013-2071", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286"], "lastseen": "2016-09-02T18:28:05"}], "atlassian": [{"id": "ATLASSIAN:BSERV-3475", "type": "atlassian", "title": "Upgrade bundled Tomcat due to security vulnerabilities", "description": "There are some Tomcat security vulnerabilities reported against the bundled version 7.0.32:\r\n[CVE-2013-2067|http://mail-archives.apache.org/mod_mbox/www-announce/201305.mbox/%3C518CB1D4.1020106@apache.org%3E]\r\n[CVE-2013-2071|http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/%3C518CB1CC.6070909@apache.org%3E]\r\n[CVE-2012-3544|http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/%3C518CB1D9.6020808@apache.org%3E] - Not reported for Tomcat 7.0.32\r\n\r\nStash should be bundled with the latest Tomcat version 7.0.40 to ensure it contains a fix for the above security vulnerabilities.\r\n", "published": "2013-05-21T04:29:40", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://jira.atlassian.com/browse/BSERV-3475", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "lastseen": "2017-03-22T18:16:53"}, {"id": "ATLASSIAN:CONF-29345", "type": "atlassian", "title": "Upgrade bundled Tomcat to 6.0.37", "description": "Customer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "published": "2013-05-21T00:23:31", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://jira.atlassian.com/browse/CONF-29345", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "lastseen": "2017-03-22T18:16:54"}, {"id": "ATLASSIAN:CONFSERVER-29345", "type": "atlassian", "title": "Upgrade bundled Tomcat to 6.0.37", "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *Confluence Server*. Using *Confluence Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29345].\n {panel}\n\nCustomer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "published": "2013-05-21T00:23:31", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://jira.atlassian.com/browse/CONFSERVER-29345", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "lastseen": "2017-04-02T10:17:25"}, {"id": "ATLASSIAN:CONFCLOUD-29345", "type": "atlassian", "title": "Upgrade bundled Tomcat to 6.0.37", "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *Confluence Cloud*. Using *Confluence Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29345].\n {panel}\n\nCustomer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "published": "2013-05-21T00:23:31", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://jira.atlassian.com/browse/CONFCLOUD-29345", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "lastseen": "2017-04-02T10:17:24"}], "ubuntu": [{"id": "USN-1841-1", "type": "ubuntu", "title": "Tomcat vulnerabilities", "description": "It was discovered that Tomcat incorrectly handled certain requests \nsubmitted using chunked transfer encoding. A remote attacker could use this \nflaw to cause the Tomcat server to stop responding, resulting in a denial \nof service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. \n([CVE-2012-3544](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-3544>))\n\nIt was discovered that Tomcat incorrectly handled certain authentication \nrequests. A remote attacker could possibly use this flaw to inject a \nrequest that would get executed with a victim's credentials. This issue \nonly affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. \n([CVE-2013-2067](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2067>))\n\nIt was discovered that Tomcat sometimes exposed elements of a previous \nrequest to the current request. This could allow a remote attacker to \npossibly obtain sensitive information. This issue only affected Ubuntu \n12.10 and Ubuntu 13.04. ([CVE-2013-2071](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2071>))", "published": "2013-05-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/usn/usn-1841-1/", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2013-2067"], "lastseen": "2017-08-09T19:13:36"}], "gentoo": [{"id": "GLSA-201412-29", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.41\"\n \n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.56\"", "published": "2014-12-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201412-29", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2012-5887", "CVE-2014-0099", "CVE-2014-0119", "CVE-2013-4322", "CVE-2012-4431", "CVE-2012-2733", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286", "CVE-2013-4590", "CVE-2014-0096", "CVE-2014-0075", "CVE-2012-3546", "CVE-2012-5886", "CVE-2014-0033", "CVE-2012-4534", "CVE-2012-5885"], "lastseen": "2016-09-06T19:46:52"}]}}