Advisory ROSA-SA-2023-2258

2023-10-21 16:49:43
ROSA LAB
abf.rosalinux.ru
apache tomcat
vulnerabilities
code execution
data leakage
denial of service

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

CVSS3: 8.6 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: LOW
  Availability Impact: LOW

AI Score: 8.9 High (Confidence: Low)

EPSS: 0.922 High (Percentile: 99.0%)

software: tomcat 9.0.37
WASP: ROSA-CHROME

package_evr_string: tomcat-9.0.37-3.src.rpm

CVE-ID: CVE-2020-9484
BDU-ID: 2020-03620
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the PersistenceManager component of the Apache Tomcat application server is caused by deserialization of untrusted data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted request.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2021-24122
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39, 8.5.0 to 8.5.59, and 7.0.0 to 7.0.106 were prone to JSP source code disclosure in some configurations. The root cause was unexpected behavior of the JRE API File.getCanonicalPath(), which in turn was caused by inconsistent behavior of the Windows API (FindFirstFileW) in some circumstances.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2021-25122
BDU-ID: 2021-01807
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the HTTP/2 network protocol implementation of the Apache Tomcat application server is related to a lack of service data protection. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2021-25329
BDU-ID: 2021-01808
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Apache Tomcat application server configuration implementation is caused by deserialization of untrusted data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted request.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2021-30640
BDU-ID: 2021-03686
CVE-Crit: MEDIUM
CVE-DESC.: An implementation vulnerability in the JNDIRealm module of the Apache Tomcat application server is related to a flaw in the authentication mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2021-33037
BDU-ID: 2021-03688
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Apache Tomcat application server is related to a flaw in the processing of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to smuggle an HTTP request (HTTP request smuggling attack).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2021-41079
BDU-ID: 2022-02994
CVE-Crit: HIGH
CVE-DESC.: An Apache Tomcat application server vulnerability exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted packet.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2021-42340
BDU-ID: 2021-06115
CVE-Crit: N/A
CVE-DESC.: An Apache Tomcat application server vulnerability is related to a memory leak introduced by the fix for bug 63362. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2021-43980
BDU-ID: None
CVE-Crit: LOW
CVE-DESC.: A simplified read-write lock implementation introduced in Tomcat 10 and backported to Tomcat 9.0.47 and later has revealed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0-M1 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60, and 8.5.0 to 8.5.77, which could cause client connections to share a common Http11Processor instance, causing responses or portions of responses to be received by the wrong client.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2022-23181
BDU-ID: 2022-06690
CVE-Crit: MEDIUM
CVE-DESC.: An Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to escalate their privileges.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2022-25762
BDU-ID: 2022-03062
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Apache Tomcat application server is related to errors that occur when a WebSocket connection is closed at the same time as a WebSocket message is being sent. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or have other impact.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2022-29885
BDU-ID: 2022-03434
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the implementation of the EncryptInterceptor class of the Apache Tomcat application server is related to incomplete documentation of what the class protects against. Exploiting the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2022-34305
BDU-ID: 2022-03746
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the form-based authentication examples in the Apache Tomcat application server examples web application exists due to a failure to neutralize user-supplied input before including it in the web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting (XSS) attack.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2022-42252
BDU-ID: 2022-07501
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the implementation of the rejectIllegalHeader attribute of the Apache Tomcat application server is related to flaws in the processing of HTTP requests containing an invalid Content-Length header. Exploitation of the vulnerability could allow a remote attacker to smuggle an HTTP request (HTTP request smuggling attack).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

CVE-ID: CVE-2023-28708
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: When using RemoteIpFilter with requests received from a reverse proxy over HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71, and 8.5.0 to 8.5.85 did not include the Secure attribute. This may cause the user agent to transmit the session cookie over an insecure channel.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update tomcat

OS    Version  Architecture  Package  Version   Filename
ROSA  any      noarch        tomcat   < 9.0.37  UNKNOWN
