SecurityTracker.com
SecurityTracker
Archives
Category:  Application (Web Server/CGI) > Apache Tomcat
Vendors:  Apache Software Foundation
Apache Tomcat Lets Remote Authenticated Users Bypass Security Controls and View Files
SecurityTracker Alert ID:  1030298
SecurityTracker URL:  http://securitytracker.com/id/1030298
CVE Reference:  CVE-2014-0119
Date:  May 27 2014
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.0.0 to 6.0.39, 7.0.0 to 7.0.53, 8.0.0-RC1 to 8.0.5
Description:   A vulnerability was reported in Apache Tomcat. A remote authenticated user can bypass security restrictions and view certain files on the target system.

In certain situations, a specially crafted web application can replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plugin configuration files and then bypass XML external entity restrictions and view XML files of other applications.

The Tomcat security team reported this vulnerability.

Impact:   A remote authenticated user can bypass security restrictions and view certain files on the target system.
Solution:   The vendor has issued a fix (6.0.41, 7.0.54, 8.0.8).

The vendor's advisory is available at:

http://tomcat.apache.org/security-8.html

Vendor URL:  tomcat.apache.org/security-8.html
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
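As an added example (not part of this SecurityTracker entry or of the Tomcat advisory), a small Python check that decides whether an installed Tomcat version falls inside the affected ranges listed above and names the fixed release to move to; the `Server version: Apache Tomcat/...` banner line it parses is assumed to match what Tomcat's version script prints.

```python
import re

# Affected ranges (inclusive) and the fixed release per branch, as stated in
# the advisory. Version strings use Tomcat's own form, e.g. "8.0.0-RC1".
AFFECTED = (
    ("6.0.0", "6.0.39", "6.0.41"),
    ("7.0.0", "7.0.53", "7.0.54"),
    ("8.0.0-RC1", "8.0.5", "8.0.8"),
)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-RC(\d+))?$")
# Assumed format of the line printed by Tomcat's version.sh / catalina.sh.
_BANNER_RE = re.compile(r"Server version:\s*Apache Tomcat/(\S+)")


def parse_version(text):
    """Map '8.0.0-RC1' to a sortable tuple. RC builds get their RC number,
    final releases a large marker, so that 8.0.0-RC1 < 8.0.0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % text)
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else 10**6)


def check_cve_2014_0119(version):
    """Return (affected, advice) for a Tomcat version string."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED:
        if parse_version(low)[0] != v[0]:
            continue  # different major branch
        if parse_version(low) <= v <= parse_version(high):
            return True, "affected; upgrade to %s or later" % fixed
        return False, "not in the affected range (fixed in %s)" % fixed
    return False, "branch %d.x not covered by this advisory" % v[0]


def check_banner(banner):
    """Pull the version out of version.sh-style output and check it."""
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError("no 'Server version' line found")
    return check_cve_2014_0119(m.group(1))


if __name__ == "__main__":
    # Constructed sample of the banner an operator would paste in.
    sample = "Server version: Apache Tomcat/8.0.5\nServer number:  8.0.5.0\n"
    print(check_banner(sample))
```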

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 7 2014 (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Authenticated Users Bypass Security Controls and View Files
Red Hat has issued a fix for JBoss.
May 18 2015 (IBM Issues Fix for IBM Power Hardware Management Console) Apache Tomcat Lets Remote Authenticated Users Bypass Security Controls and View Files
IBM has issued a fix for IBM Power Hardware Management Console.
Jul 30 2015 (Blue Coat Systems Issues Advisory for Blue Coat IntelligenceCenter) Apache Tomcat Lets Remote Authenticated Users Bypass Security Controls and View Files
Blue Coat Systems has issued an advisory for Blue Coat IntelligenceCenter 3.2 and 3.3.
Oct 16 2015 (HP Issues Fix for HP OpenVMS) Apache Tomcat Lets Remote Authenticated Users Bypass Security Controls and View Files
HP has issued a fix for HP OpenVMS.



 Source Message Contents

Subject:  [FD] [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

CVE-2014-0119 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.5
- Apache Tomcat 7.0.0 to 7.0.53
- Apache Tomcat 6.0.0 to 6.0.39

Description:
In limited circumstances it was possible for a malicious web application
to replace the XML parsers used by Tomcat to process XSLTs for the
default servlet, JSP documents, tag library descriptors (TLDs) and tag
plugin configuration files. The injected XML parser(s) could then bypass
the limits imposed on XML external entities and/or have visibility of
the XML files processed for other web applications deployed on the same
Tomcat instance.

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 8.0.8 or later
  (8.0.6 and 8.0.7 contain the fix but were not released)
- Upgrade to Apache Tomcat 7.0.54 or later
- Upgrade to Apache Tomcat 6.0.41 or later
  (6.0.40 contains the fix but was not released)

Credit:
This issue was identified by the Tomcat security team.

References:
[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Copyright 2019, SecurityGlobal.net LLC