SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Apache Tomcat
Vendors:   Apache Software Foundation
(CentOS Issues Fix) Apache Tomcat Application Listener Facade Object Error Lets Remote Users Modify Data on the Target System
SecurityTracker Alert ID:  1039008
SecurityTracker URL:  http://securitytracker.com/id/1039008
CVE Reference:   CVE-2017-5648
Date:  Jul 27 2017
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.0.0 to 7.0.75, 8.0.0.RC1 to 8.0.41, 8.5.0 to 8.5.11, 9.0.0.M1 to 9.0.0.M17
Description:   A vulnerability was reported in Apache Tomcat. A remote user can access and modify data on the target system.

Some calls to application listeners do not use the appropriate facade object. An untrusted application running under a SecurityManager can retain a reference to the request or response object and use it to access or modify data associated with a different application.

Impact:   A remote user can access and modify data on the target system.
Solution:   CentOS has issued a fix.
Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Apr 11 2017 Apache Tomcat Application Listener Facade Object Error Lets Remote Users Modify Data on the Target System
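
The Version(s) field above gives upstream Tomcat ranges, but the fixed CentOS build in the announcement below, tomcat-7.0.69-12.el7_3, carries a version number inside the 7.0.0 to 7.0.75 range, so a check on the upstream version alone would still flag a patched host. The following is an added example, not part of the advisory or of CentOS tooling: a simplified RPM version comparison (no epoch, `~` or `^` handling) applied to constructed package strings in the name-version-release form that `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` prints; the function names are hypothetical.

```python
import re

# Fixed build named in CESA-2017:1809 (taken from the advisory).
FIXED_VERSION, FIXED_RELEASE = "7.0.69", "12.el7_3"
# Upstream 7.x range from the Version(s) field of the advisory.
UPSTREAM_7_RANGE = ("7.0.0", "7.0.75")


def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are skipped.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpm version compare: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def in_upstream_range(version):
    """Naive check against the upstream 7.x range only."""
    low, high = UPSTREAM_7_RANGE
    return rpmvercmp(version, low) >= 0 and rpmvercmp(version, high) <= 0


def has_fix(nvr):
    """True if a name-version-release string is at or above the fixed build."""
    _name, version, release = nvr.rsplit("-", 2)
    c = rpmvercmp(version, FIXED_VERSION)
    if c == 0:
        c = rpmvercmp(release, FIXED_RELEASE)
    return c >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for nvr in ("tomcat-7.0.69-11.el7_3", "tomcat-7.0.69-12.el7_3",
                "tomcat-lib-7.0.69-12.el7_3"):
        version = nvr.rsplit("-", 2)[1]
        print(nvr, "upstream-range:", in_upstream_range(version),
              "has-fix:", has_fix(nvr))
```

The release comparison is only meaningful for the CentOS 7 tomcat packages this advisory covers.
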



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:1809 Important CentOS 7 tomcat Security Update


CentOS Errata and Security Advisory 2017:1809 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:1809

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
43294259acd512850715ad15c50e7767bea30b2c123117f5f760eb4ad5d02e0b  tomcat-7.0.69-12.el7_3.noarch.rpm
e4605d5673e75ee3592faef8b59d1a2a8efa0da6e3cd8b04064380698586f9a3  tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm
6330befc3bd1b7ab35b89ceca55174d94f7e0fe9cf2201166e18c399d48a1687  tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm
d89786225c6c877fc6134d8e45a85b7fc77169de14ffc543b26ab58299a36f6a  tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm
38a4c3e437b1b8d3e4baa175b70a2bdc2681c175c5f7c8d12867100fb9c45134  tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm
2a27c95ad8005bb879140c28deac8f2fac5d85ba225a0abed4ad99956b3231a6  tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm
dd585fca98f9ff44e927c5820e8731b8604bd23c4c282883ff89501da5476274  tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm
37f28d949569ca81df0b5934ee32116069f912a640e5704d53a6ee521cca4d89  tomcat-lib-7.0.69-12.el7_3.noarch.rpm
726d723713f270e4fb0fed6a2a59c2b224da4e2cf0b2b458a90cf5fcc90331b4  tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm
84766cc7724a0399ed3e9830ac5803249395cd4ddd5cab2bdb8730e9cca0a2f0  tomcat-webapps-7.0.69-12.el7_3.noarch.rpm

Source:
209cc83cab3a92eaa48d20eb364e982722e639c29f1e3c984e2e03d45fcdbe73  tomcat-7.0.69-12.el7_3.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
