
Apache Tomcat Vulnerabilities May 2020 - Mar 2021

Description

**Summary**

Symantec Network and Information Security (NIS) products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker may be able to execute arbitrary code on the target server, observe HTTP responses for other users' requests, obtain JSP source code, or cause denial of service.

**Affected Product(s)**

The following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.

**Management Center (MC)**

| CVE | Supported Version(s) | Remediation |
|---|---|---|
| CVE-2020-13935 | 3.0 | Upgrade to later release with fixes. |
| CVE-2020-13935 | 3.1, 3.2 | Remediation is not available at this time. |

**Additional Product Information**

The following products are not vulnerable:

- Advanced Secure Gateway (ASG)
- AuthConnector
- BCAAA
- Content Analysis (CA)
- General Auth Connector Login Application
- PacketShaper S-Series
- PolicyCenter S-Series
- ProxySG
- Reporter
- Security Analytics
- SSL Visibility (SSLV)
- Symantec Messaging Gateway (SMG)
- Unified Agent
- Web Isolation
- WSS Agent
- WSS Mobile Agent

The following products are under investigation:

- HSM Agent

**Issue Details**

**CVE-2020-9484**

- **Severity / CVSS v3.1:** High / 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
- **References:** NVD: [CVE-2020-9484](https://nvd.nist.gov/vuln/detail/CVE-2020-9484)
- **Impact:** Remote code execution
- **Description:** A deserialization flaw allows a remote attacker to send crafted requests and execute arbitrary code on the target system. The attacker must have control over a file stored on the target system.

**CVE-2020-11996**

- **Severity / CVSS v3.1:** High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
- **References:** NVD: [CVE-2020-11996](https://nvd.nist.gov/vuln/detail/CVE-2020-11996)
- **Impact:** Denial of service
- **Description:** A flaw in HTTP/2 request handling allows a remote attacker to send crafted requests on concurrent HTTP/2 connections and cause denial of service through excessive CPU utilization.

**CVE-2020-13934**

- **Severity / CVSS v3.1:** High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
- **References:** NVD: [CVE-2020-13934](https://nvd.nist.gov/vuln/detail/CVE-2020-13934)
- **Impact:** Denial of service
- **Description:** A flaw in HTTP/1.1 to HTTP/2 protocol upgrade handling in direct h2c connections allows a remote attacker to cause denial of service through excessive memory utilization.

**CVE-2020-13935**

- **Severity / CVSS v3.1:** High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
- **References:** NVD: [CVE-2020-13935](https://nvd.nist.gov/vuln/detail/CVE-2020-13935)
- **Impact:** Denial of service
- **Description:** A flaw in WebSocket frame handling allows a remote attacker to cause denial of service through infinite CPU loops.

**CVE-2020-13943**

- **Severity / CVSS v3.1:** Medium / 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
- **References:** NVD: [CVE-2020-13943](https://nvd.nist.gov/vuln/detail/CVE-2020-13943)
- **Impact:** Information disclosure
- **Description:** A flaw in HTTP/2 concurrent stream handling can allow a remote attacker to cause users to see responses for other users' requests. This is a different vulnerability from CVE-2020-17527.

**CVE-2020-17527**

- **Severity / CVSS v3.1:** High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- **References:** NVD: [CVE-2020-17527](https://nvd.nist.gov/vuln/detail/CVE-2020-17527)
- **Impact:** Information disclosure
- **Description:** A flaw in HTTP/2 concurrent stream handling can allow a remote attacker to cause users to see responses for other users' requests. This is a different vulnerability from CVE-2020-13943.

**CVE-2021-24122**

- **Severity / CVSS v3.1:** Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
- **References:** NVD: [CVE-2021-24122](https://nvd.nist.gov/vuln/detail/CVE-2021-24122)
- **Impact:** Information disclosure
- **Description:** A flaw in server-side source code handling allows a remote attacker to obtain JSP source code from a Windows-based server.

**CVE-2021-25122**

- **Severity / CVSS v3.1:** High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- **References:** NVD: [CVE-2021-25122](https://nvd.nist.gov/vuln/detail/CVE-2021-25122)
- **Impact:** Information disclosure
- **Description:** A flaw in new HTTP/2 h2c request handling can allow a remote attacker to cause users to see responses for other users' requests.

**CVE-2021-25329**

- **Severity / CVSS v3.1:** High / 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
- **References:** NVD: [CVE-2021-25329](https://nvd.nist.gov/vuln/detail/CVE-2021-25329)
- **Impact:** Remote code execution
- **Description:** A deserialization flaw allows a remote attacker to send crafted requests and execute arbitrary code on the target system. The attacker must have control over a file stored on the target system. This is caused by an incomplete fix to CVE-2020-9484.

**Mitigation**

CVE-2020-13935 is exploitable in MC only when authenticated MC users send invalid WebSocket frames to the web management console.
**References**

- Apache Tomcat 7 vulnerabilities - <http://tomcat.apache.org/security-7.html>
- Apache Tomcat 8 vulnerabilities - <http://tomcat.apache.org/security-8.html>
- Apache Tomcat 9 vulnerabilities - <http://tomcat.apache.org/security-9.html>
- Apache Tomcat 10 vulnerabilities - <http://tomcat.apache.org/security-10.html>

**Revisions**

- 2021-08-12: MC 3.2 is vulnerable to CVE-2020-13935.
- 2021-06-01: A fix for MC 3.0 will not be provided. Please upgrade to a later version with the vulnerability fixes.
- 2021-03-16: Initial public release.


Affected Software


| CPE Name | Name | Version |
|---|---|---|
| | management center (mc) | 3 |
