Category:   Application (Web Server/CGI)  >   Apache Tomcat
Vendors:   Apache Software Foundation
Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1035069
SecurityTracker URL:  http://securitytracker.com/id/1035069
CVE Reference:   CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
Date:  Feb 22 2016
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.x, 7.x, 8.x, 9.x
Description:   Multiple vulnerabilities were reported in Apache Tomcat. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can hijack the target user's session.

A remote user can re-use the session ID in a new request to conduct session fixation attacks and potentially hijack a target user's session [CVE-2015-5346]. Systems with an application configured to use the SSL session ID as the HTTP session ID are affected. Versions 7.0.5 to 7.0.65, 8.0.0.RC1 to 8.0.30, and 9.0.0.M1 are affected.

A remote user with access to the Manager or Host Manager applications can obtain a valid CSRF token during a redirect [CVE-2015-5351]. Versions 7.0.1 to 7.0.67, 8.0.0.RC1 to 8.0.31, and 9.0.0.M1 are affected.

An application can load the internal StatusManagerServlet to obtain a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed [CVE-2016-0706]. Systems running untrusted web applications under a security manager are affected. Versions 6.0.0 to 6.0.44, 7.0.0 to 7.0.67, 8.0.0.RC1 to 8.0.30, and 9.0.0.M1 are affected.

A remote user can exploit session persistence mechanisms to bypass the SecurityManager and execute arbitrary code [CVE-2016-0714]. Systems running untrusted web applications under a security manager are affected. Versions 6.0.0 to 6.0.44, 7.0.0 to 7.0.67, 8.0.0.RC1 to 8.0.30, and 9.0.0.M1 are affected.

A web application can access the ResourceLinkFactory.setGlobalContext() public method and inject a malicious global context to disrupt other web applications or read and write data owned by other web applications [CVE-2016-0763]. Systems running untrusted web applications under a security manager are affected. Versions 7.0.0 to 7.0.67, 8.0.0.RC1 to 8.0.30, and 9.0.0.M1 to 9.0.0.M2 are affected.

Impact:   A remote user can bypass security controls on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can hijack the target user's session.

Solution:   The vendor has issued a fix (6.0.45, 7.0.68, 8.0.32, 9.0.0.M3).
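A defender-side version check, added here as an example and not taken from the advisory or from Tomcat itself: it encodes the affected ranges and fixed releases quoted above and reports which of the five CVEs apply to a given Tomcat version string, ranking the RC and M pre-release qualifiers below the corresponding final release so that 8.0.0.RC1 and 9.0.0.M2 compare correctly.

```python
"""Added example (not part of the SecurityTracker advisory or of Tomcat):
map an installed Tomcat version string to the CVEs this advisory lists for it."""
import re

# Affected ranges as quoted in the advisory text; a single affected
# release (9.0.0.M1) is written as a one-element range.
ADVISORY = {
    "CVE-2015-5346": [("7.0.5", "7.0.65"), ("8.0.0.RC1", "8.0.30"), ("9.0.0.M1", "9.0.0.M1")],
    "CVE-2015-5351": [("7.0.1", "7.0.67"), ("8.0.0.RC1", "8.0.31"), ("9.0.0.M1", "9.0.0.M1")],
    "CVE-2016-0706": [("6.0.0", "6.0.44"), ("7.0.0", "7.0.67"), ("8.0.0.RC1", "8.0.30"), ("9.0.0.M1", "9.0.0.M1")],
    "CVE-2016-0714": [("6.0.0", "6.0.44"), ("7.0.0", "7.0.67"), ("8.0.0.RC1", "8.0.30"), ("9.0.0.M1", "9.0.0.M1")],
    "CVE-2016-0763": [("7.0.0", "7.0.67"), ("8.0.0.RC1", "8.0.30"), ("9.0.0.M1", "9.0.0.M2")],
}
# Fixed releases named in the advisory, one per major branch.
FIXED = ("6.0.45", "7.0.68", "8.0.32", "9.0.0.M3")


def parse(version):
    """Turn 'major.minor.patch[.qualifier]' into a sortable tuple.
    Pre-release qualifiers sort below the final release of the same number
    (M before RC), so 8.0.0.RC1 < 8.0.0 and 9.0.0.M1 < 9.0.0.M3 < 9.0.0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.(RC|M)(\d+))?", version.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % version)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4):  # pre-release: rank 0, then M (0) < RC (1), then its number
        pre = (0, {"M": 0, "RC": 1}[m.group(4)], int(m.group(5)))
    else:           # final release: rank 1
        pre = (1, 0, 0)
    return (major, minor, patch) + pre


def affected_cves(version):
    """CVEs from this advisory whose affected ranges include `version`."""
    v = parse(version)
    return sorted(cve for cve, ranges in ADVISORY.items()
                  if any(parse(lo) <= v <= parse(hi) for lo, hi in ranges))


def fixed_version_for(version):
    """The advisory's fixed release on the same major branch, or None."""
    major = parse(version)[0]
    return next((f for f in FIXED if parse(f)[0] == major), None)


if __name__ == "__main__":
    for v in ("8.0.30", "8.0.31", "9.0.0.M2", "9.0.0.M3"):
        print(v, affected_cves(v), "-> upgrade to", fixed_version_for(v))
```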

The vendor's advisory is available at:

http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.68
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.32
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M3

Vendor URL:  tomcat.apache.org/
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 5 2016 (HPE Issues Fix) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
HPE has issued a fix for HP-UX 11.31.
May 5 2016 (IBM Issues Fix for IBM Tivoli Directory Server) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
IBM has issued a fix for IBM Tivoli Directory Server.
May 19 2016 (Red Hat Issues Fix for JBoss) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
Red Hat has issued a fix for JBoss Web Server for Red Hat Enterprise Linux 6 and 7.
Jun 1 2016 (HPE Issues Fix for OpenVMS) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
HPE has issued a fix for OpenVMS.
Jul 6 2016 (Ubuntu Issues Fix) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, 15.10, and 16.04 LTS.
Aug 9 2016 (IBM Issues Fix for IBM Cognos TM1) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
IBM has issued a fix for IBM Cognos TM1.
Nov 4 2016 (Red Hat Issues Fix) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Nov 4 2016 (Red Hat Issues Fix) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Nov 15 2016 (HP Issues Fix for HPE SiteScope) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
HP has issued a fix for HPE SiteScope.
Nov 18 2016 (Red Hat Issues Fix for Red Hat JBoss) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
Red Hat has issued a fix for Red Hat JBoss for Red Hat Enterprise Linux 6 and 7.
Apr 19 2017 (Oracle Issues Fix for Oracle Fusion Middleware) Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information
Oracle has issued a fix for Oracle Fusion Middleware.